CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-17595 – ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
https://notcve.org/view.php?id=CVE-2019-17595
14 Oct 2019 — There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función fmt_entry en tinfo/comp_hash.c en la biblioteca terminfo en ncurses en versiones anteriores a la 6.1-20191012. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that admin... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15547
https://notcve.org/view.php?id=CVE-2019-15547
26 Aug 2019 — An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. Se descubrió un problema en el paquete ncurses hasta la versión 5.99.0 para Rust. Hay problemas de cadena de formato en las funciones de printw porque los argumentos de formato C se manejan mal. • https://rustsec.org/advisories/RUSTSEC-2019-0006.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15548
https://notcve.org/view.php?id=CVE-2019-15548
26 Aug 2019 — An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled. Se descubrió un problema en el paquete ncurses hasta la versión 5.99.0 para Rust. Hay desbordamientos de búfer instr y mvwinstr porque la interacción con las funciones de C se maneja mal. • https://rustsec.org/advisories/RUSTSEC-2019-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19211 – Ubuntu Security Notice USN-5477-1
https://notcve.org/view.php?id=CVE-2018-19211
12 Nov 2018 — In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. En ncurses versión 6.1, hay una desreferencia de puntero NULL en la función _nc_parse_entry del archivo parse_entry.c que conducirá a un ataque de denegación de servicio (DoS). El producto procede al path del código de desreferencia incluso después... • https://bugzilla.redhat.com/show_bug.cgi?id=1643754 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19217
https://notcve.org/view.php?id=CVE-2018-19217
12 Nov 2018 — In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party ** EN DISPUTA ** En ncurses 6.1, hay una desreferencia de puntero NULL en la función _nc_name_match que conducirá a un ataque de denegación de servicio (DoS). NOTA: el informe original indicaba la versión 6.1, pero... • https://bugzilla.redhat.com/show_bug.cgi?id=1643753 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-16879 – Ubuntu Security Notice USN-5477-1
https://notcve.org/view.php?id=CVE-2017-16879
18 Nov 2017 — Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. Desbordamiento de búfer basado en pila en la función _nc_write_entry en tinfo/write_entry.c en ncurses en la versión 6.0 permite que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) o posiblemente ejecuten código arbitrar... • https://packetstorm.news/files/id/145045 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13728 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13728
29 Aug 2017 — There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. Existe un bucle infinito en la función next_char en comp_scan.c de ncurses 6.0 en relación con libtic. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-o... • https://bugzilla.redhat.com/show_bug.cgi?id=1484274 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13729 – Gentoo Linux Security Advisory 201804-13
https://notcve.org/view.php?id=CVE-2017-13729
29 Aug 2017 — There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función _nc_save_str en alloc_entry.c en ncurses 6.0. Esto podría permitir que se realice un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in ncurses, the worst of which allows remote attackers to execute arbitrary code. • https://bugzilla.redhat.com/show_bug.cgi?id=1484276 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13730 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13730
29 Aug 2017 — There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función _nc_read_entry_source() en progs/tic.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly ... • https://bugzilla.redhat.com/show_bug.cgi?id=1484284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13731 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13731
29 Aug 2017 — There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función postprocess_termcap() en parse_entry.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly u... • https://bugzilla.redhat.com/show_bug.cgi?id=1484285 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •