CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29491 – ncurses: Local users can trigger security-relevant memory corruption via malformed data
https://notcve.org/view.php?id=CVE-2023-29491
14 Apr 2023 — ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached vi... • http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-29458 – Ubuntu Security Notice USN-6099-1
https://notcve.org/view.php?id=CVE-2022-29458
18 Apr 2022 — ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. ncurses versiones 6.3 anteriores al parche 20220416, presentan una lectura fuera de límites y una violación de segmentación en el archivo convert_strings en tinfo/read_entry.c en la biblioteca terminfo It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2002-0062
https://notcve.org/view.php?id=CVE-2002-0062
08 Mar 2002 — Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." El desbordamiento del búfer en ncurses 5.0, y el paquete de compatibilidad ncurses4 basado en él, permite a usuarios locales la obtención de privilegios. • http://www.debian.org/security/2002/dsa-113 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •