CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29491 – ncurses: Local users can trigger security-relevant memory corruption via malformed data
https://notcve.org/view.php?id=CVE-2023-29491
14 Apr 2023 — ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached vi... • http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-29458 – Ubuntu Security Notice USN-6099-1
https://notcve.org/view.php?id=CVE-2022-29458
18 Apr 2022 — ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. ncurses versiones 6.3 anteriores al parche 20220416, presentan una lectura fuera de límites y una violación de segmentación en el archivo convert_strings en tinfo/read_entry.c en la biblioteca terminfo It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-39537 – Ubuntu Security Notice USN-6099-1
https://notcve.org/view.php?id=CVE-2021-39537
20 Sep 2021 — An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. Se ha detectado un problema en ncurses versiones hasta v6.2-1. La función _nc_captoinfo en el archivo captoinfo.c presenta un desbordamiento de búfer en la región heap de la memoria It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. • http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-17594 – ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
https://notcve.org/view.php?id=CVE-2019-17594
14 Oct 2019 — There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función _nc_find_entry en tinfo/comp_hash.c la biblioteca terminfo en ncurses en versiones anteriores a la 6.1-20191012. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges tha... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-17595 – ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
https://notcve.org/view.php?id=CVE-2019-17595
14 Oct 2019 — There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función fmt_entry en tinfo/comp_hash.c en la biblioteca terminfo en ncurses en versiones anteriores a la 6.1-20191012. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that admin... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-16879 – Ubuntu Security Notice USN-5477-1
https://notcve.org/view.php?id=CVE-2017-16879
18 Nov 2017 — Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. Desbordamiento de búfer basado en pila en la función _nc_write_entry en tinfo/write_entry.c en ncurses en la versión 6.0 permite que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) o posiblemente ejecuten código arbitrar... • https://packetstorm.news/files/id/145045 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13728 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13728
29 Aug 2017 — There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. Existe un bucle infinito en la función next_char en comp_scan.c de ncurses 6.0 en relación con libtic. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-o... • https://bugzilla.redhat.com/show_bug.cgi?id=1484274 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13729 – Gentoo Linux Security Advisory 201804-13
https://notcve.org/view.php?id=CVE-2017-13729
29 Aug 2017 — There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función _nc_save_str en alloc_entry.c en ncurses 6.0. Esto podría permitir que se realice un ataque de denegación de servicio remoto. Multiple vulnerabilities have been found in ncurses, the worst of which allows remote attackers to execute arbitrary code. • https://bugzilla.redhat.com/show_bug.cgi?id=1484276 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13730 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13730
29 Aug 2017 — There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función _nc_read_entry_source() en progs/tic.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly ... • https://bugzilla.redhat.com/show_bug.cgi?id=1484284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13731 – Ubuntu Security Notice USN-5448-1
https://notcve.org/view.php?id=CVE-2017-13731
29 Aug 2017 — There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función postprocess_termcap() en parse_entry.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly u... • https://bugzilla.redhat.com/show_bug.cgi?id=1484285 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •