The vulnerability of the input/output library for the ncurses terminal relates to the ability to write beyond the buffer boundaries into memory, allowing an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

🗓️ 19 Sep 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

Ncurses I/O library buffer overflow enables modifying terminfo via TERMINFO, harming confidentiality and integrity.

Reporter	Title	Published	Views	Family All 160
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023	26 Mar 202504:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management	25 Apr 202510:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4-IF001	29 Nov 202320:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.	29 Jan 202521:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2024.	2 Feb 202408:25	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak	26 Mar 202504:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Automation Decision Services October 2023 - Multiple CVEs addressed	30 Oct 202314:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Out-of-bounds Write in the RHEL UBI (CVE-2023-29491)	19 Jan 202421:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data Scheduling image contains a vulnerable ncurses package ( CVE-2023-29491 )	6 Dec 202315:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, glibc-minimal-langpack, glibc-common, ncurses-libs and Kubernetes	16 Nov 202316:21	–	ibm

Vulners

Node

novell suse_linux_enterprise_microMatch5.1

OR

novell suse_linux_enterprise_microMatch5.2

OR

novell suse_manager_retail_branch_serverMatch4.3

OR

novell suse_manager_proxyMatch4.3

OR

novell suse_manager_serverMatch4.3

OR

novell suse_linux_enterprise_microMatch5.3

OR

novell suse_linux_enterprise_microMatch5.4

OR

red_hat red_hat_enterprise_linuxMatch8

OR

novell opensuse_leapMatch15.4

OR

red_hat red_hat_enterprise_linuxMatch9

OR

canonical ubuntuMatch22.10

OR

novell opensuse_leap_microMatch5.3

OR

canonical ubuntuMatch23.04

OR

novell opensuse_leap_microMatch5.4

Source	Link
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.10/
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
wiki	www.wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47
openwall	www.openwall.com/lists/oss-security/2023/04/19/11
wiki	www.wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81
abf	www.abf.rosa.ru/advisories/ROSA-SA-2025-2635
abf	www.abf.rosa.ru/advisories/ROSA-SA-2025-2779
cve	www.cve.omp.ru/bb27514

01 Jun 2026 00:00Current

7High risk

Vulners AI Score7

CVSS 26.8

CVSS 37.8

EPSS0.00923

ncurses buffer overflow terminfo database terminfo variable security vulnerability confidentiality integrity