CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-17595 – ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
https://notcve.org/view.php?id=CVE-2019-17595
14 Oct 2019 — There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función fmt_entry en tinfo/comp_hash.c en la biblioteca terminfo en ncurses en versiones anteriores a la 6.1-20191012. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that admin... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15547
https://notcve.org/view.php?id=CVE-2019-15547
26 Aug 2019 — An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. Se descubrió un problema en el paquete ncurses hasta la versión 5.99.0 para Rust. Hay problemas de cadena de formato en las funciones de printw porque los argumentos de formato C se manejan mal. • https://rustsec.org/advisories/RUSTSEC-2019-0006.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15548
https://notcve.org/view.php?id=CVE-2019-15548
26 Aug 2019 — An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled. Se descubrió un problema en el paquete ncurses hasta la versión 5.99.0 para Rust. Hay desbordamientos de búfer instr y mvwinstr porque la interacción con las funciones de C se maneja mal. • https://rustsec.org/advisories/RUSTSEC-2019-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19217
https://notcve.org/view.php?id=CVE-2018-19217
12 Nov 2018 — In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party ** EN DISPUTA ** En ncurses 6.1, hay una desreferencia de puntero NULL en la función _nc_name_match que conducirá a un ataque de denegación de servicio (DoS). NOTA: el informe original indicaba la versión 6.1, pero... • https://bugzilla.redhat.com/show_bug.cgi?id=1643753 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19211 – Ubuntu Security Notice USN-5477-1
https://notcve.org/view.php?id=CVE-2018-19211
12 Nov 2018 — In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. En ncurses versión 6.1, hay una desreferencia de puntero NULL en la función _nc_parse_entry del archivo parse_entry.c que conducirá a un ataque de denegación de servicio (DoS). El producto procede al path del código de desreferencia incluso después... • https://bugzilla.redhat.com/show_bug.cgi?id=1643754 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-16879 – Ubuntu Security Notice USN-5477-1
https://notcve.org/view.php?id=CVE-2017-16879
18 Nov 2017 — Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. Desbordamiento de búfer basado en pila en la función _nc_write_entry en tinfo/write_entry.c en ncurses en la versión 6.0 permite que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) o posiblemente ejecuten código arbitrar... • https://packetstorm.news/files/id/145045 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13728 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13728
29 Aug 2017 — There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. Existe un bucle infinito en la función next_char en comp_scan.c de ncurses 6.0 en relación con libtic. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-o... • https://bugzilla.redhat.com/show_bug.cgi?id=1484274 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13734 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13734
29 Aug 2017 — There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función _nc_safe_strcat en strings.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to exe... • https://bugzilla.redhat.com/show_bug.cgi?id=1484291 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13730 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13730
29 Aug 2017 — There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función _nc_read_entry_source() en progs/tic.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly ... • https://bugzilla.redhat.com/show_bug.cgi?id=1484284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13733 – Gentoo Linux Security Advisory 201804-13
https://notcve.org/view.php?id=CVE-2017-13733
29 Aug 2017 — There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función fmt_entry en dump_entry.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in ncurses, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.1:0 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1484290 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •