CVE-2023-29491: 
NixOS vulnerability analysis and mitigation

CVE-2023-29491 affects ncurses versions before 6.4 20230408. The vulnerability allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable when used by a setuid application (NVD, Debian Tracker).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 Base Score of 7.8 (HIGH). The attack vector is Local, requiring low attack complexity and low privileges, with no user interaction needed. The scope is unchanged, but the impact on confidentiality, integrity, and availability is high (NVD).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The vulnerability is particularly concerning when ncurses is used by setuid applications, as it could allow local users to trigger security-relevant memory corruption (NetApp Advisory).

The vulnerability was fixed in ncurses version 6.4 20230408. The fix includes configuring with '--disable-root-environ' to disallow loading of custom terminfo entries in setuid/setgid programs, mitigating the impact of the vulnerability. Programs run by the superuser remain able to load custom terminfo entries (Debian LTS).

The vulnerability was initially reported to the maintainer of the ncurses library by Microsoft's security team. The discovery led to coordinated efforts to patch the vulnerability across major Linux distributions including Arch, RedHat, and Canonical. Apple also incorporated fixes in their macOS updates (OSS Security).