CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13734 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13734
29 Aug 2017 — There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función _nc_safe_strcat en strings.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to exe... • https://bugzilla.redhat.com/show_bug.cgi?id=1484291 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13732 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13732
29 Aug 2017 — There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función dump_uses() en dump_entry.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue t... • https://bugzilla.redhat.com/show_bug.cgi?id=1484287 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13733 – Gentoo Linux Security Advisory 201804-13
https://notcve.org/view.php?id=CVE-2017-13733
29 Aug 2017 — There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función fmt_entry en dump_entry.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in ncurses, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.1:0 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1484290 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11112 – Gentoo Linux Security Advisory 201804-13
https://notcve.org/view.php?id=CVE-2017-11112
08 Jul 2017 — In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. En ncurses versión 6.0, hay un intento de acceso 0xffffffffffffffffff en la función append_acs del archivo tinfo/parse_entry.c. Podría conllevar a un ataque remoto de denegación de servicio si el código de la biblioteca terminfo se utiliza para procesar datos terminfo no s... • https://bugzilla.redhat.com/show_bug.cgi?id=1464686 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11113 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-11113
08 Jul 2017 — In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. En ncurses 6.0, hay una desreferencia de puntero NULL en la función _nc_parse_entry de tinfo/parse_entry.c. Podría provocar un ataque de denegación de servicio remoto si se utiliza el código de la librería terminfo al procesar datos terminfo no confiables. It was discovered that ... • https://bugzilla.redhat.com/show_bug.cgi?id=1464691 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-10684 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-10684
29 Jun 2017 — In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. En ncurses 6.0, hay una vulnerabilidad de desbordamiento de búfer basado en pila en la función fmt_entry. Se podría realizar un ataque de ejecución remota de código arbitrario con una entrada especialmente manipulada. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-... • https://bugzilla.redhat.com/show_bug.cgi?id=1464687 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-10685 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-10685
29 Jun 2017 — In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. En ncurses 6.0, hay una vulnerabilidad de cadena de formato en la función fmt_entry. Se podría realizar un ataque de ejecución remota de código arbitrario con una entrada especialmente manipulada. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. • https://bugzilla.redhat.com/show_bug.cgi?id=1464692 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2002-0062
https://notcve.org/view.php?id=CVE-2002-0062
08 Mar 2002 — Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." El desbordamiento del búfer en ncurses 5.0, y el paquete de compatibilidad ncurses4 basado en él, permite a usuarios locales la obtención de privilegios. • http://www.debian.org/security/2002/dsa-113 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2000-0963
https://notcve.org/view.php?id=CVE-2000-0963
29 Nov 2000 — Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. • http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt •