ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

References

ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56

www.openwall.com/lists/oss-security/2023/04/19/10

www.openwall.com/lists/oss-security/2023/04/19/11

lists.debian.org/debian-lts-announce/2023/12/msg00004.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/

security.netapp.com/advisory/ntap-20230517-0009/

support.apple.com/kb/HT213843

support.apple.com/kb/HT213844

support.apple.com/kb/HT213845

www.openwall.com/lists/oss-security/2023/04/12/5

www.openwall.com/lists/oss-security/2023/04/13/4

amazon 2

nessus 38

oraclelinux 2

nvd 1

openvas 21

mageia 1

broadcom 1

osv 5

debiancve 1

cbl_mariner 2

redos 1

cve 1

thn 1

ubuntucve 3

redhat 70

ibm 11

almalinux 2

redhatcve 1

alpinelinux 1

veracode 1

prion 1

photon 1

debian 1

fedora 1

ubuntu 1

cloudfoundry 1

mmpc 1

mssecure 1

apple 3

oracle 1

ics 1

amazon

Important: ncurses

2023-06-21 19:11:00

Important: ncurses

2023-07-05 21:44:00

nessus

EulerOS 2.0 SP10 : ncurses (EulerOS-SA-2023-2362)

2023-07-18 00:00:00

EulerOS 2.0 SP10 : ncurses (EulerOS-SA-2023-2388)

2023-07-18 00:00:00

EulerOS Virtualization 2.11.1 : ncurses (EulerOS-SA-2023-2733)

2024-01-16 00:00:00

oraclelinux

ncurses security and bug fix update

2023-11-11 00:00:00

ncurses security update

2023-09-20 00:00:00

nvd

CVE-2023-29491

2023-04-14 01:15:08

openvas

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-2764)

2023-09-11 00:00:00

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-2733)

2023-09-11 00:00:00

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-2564)

2023-08-03 00:00:00

mageia

Updated ncurses packages fix security vulnerability

2024-03-16 01:51:55

broadcom

A vulnerability was found in ncurses and occurs when used by a setuid application. (CVE-2023-29491)

2023-11-07 00:00:00

osv

Moderate: ncurses security and bug fix update

2023-11-07 00:00:00

CVE-2023-29491

2023-04-14 01:15:08

Moderate: ncurses security update

2023-09-19 00:00:00

debiancve

CVE-2023-29491

2023-04-14 01:15:08

cbl_mariner

CVE-2023-29491 affecting package ncurses 6.3-2

2023-05-25 17:55:45

CVE-2023-29491 affecting package ncurses for versions less than 6.4-1

2023-05-25 09:38:10

redos

ROS-20240404-14

2024-04-04 00:00:00

cve

CVE-2023-29491

2023-04-14 01:15:08

thn

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

2023-09-14 14:07:00

ubuntucve

CVE-2023-29491

2023-04-14 00:00:00

CVE-2023-50495

2023-12-12 00:00:00

CVE-2023-45918

2024-02-16 00:00:00

redhat

(RHSA-2023:6698) Moderate: ncurses security and bug fix update

2023-11-07 06:12:11

(RHSA-2023:5249) Moderate: ncurses security update

2023-09-19 12:37:09

(RHSA-2023:7361) Moderate: ncurses security update

2023-11-21 08:12:16

ibm

Security Bulletin: IBM Cloud Pak for Data Scheduling image contains a vulnerable ncurses package ( CVE-2023-29491 )

2023-12-06 16:00:08

Security Bulletin: TSSC/IMC is vulnerable to a denial of service attack due to ncruses (CVE-2023-29491)

2024-06-20 23:48:43

Security Bulletin: IBM Storage Ceph is vulnerable to Out-of-bounds Write in the RHEL UBI (CVE-2023-29491)

2024-01-19 22:00:03

almalinux

Moderate: ncurses security update

2023-09-19 00:00:00

Moderate: ncurses security and bug fix update

2023-11-07 00:00:00

redhatcve

CVE-2023-29491

2023-04-28 20:51:32

alpinelinux

CVE-2023-29491

2023-04-14 01:15:08

veracode

Denial Of Service (DoS)

2023-04-24 05:19:24

prion

Memory corruption

2023-04-14 01:15:00

photon

Important Photon OS Security Update - PHSA-2023-5.0-0024

2023-06-13 00:00:00

debian

[SECURITY] [DLA 3682-1] ncurses security update

2023-12-03 18:46:35

fedora

[SECURITY] Fedora 38 Update: ncurses-6.4-7.20230520.fc38

2024-01-31 01:42:30

ubuntu

ncurses vulnerabilities

2023-05-23 00:00:00

cloudfoundry

USN-6099-1: ncurses vulnerabilities | Cloud Foundry

2023-06-05 00:00:00

mmpc

Uncursing the ncurses: Memory corruption vulnerabilities found in library

2023-09-14 11:30:00

mssecure

Uncursing the ncurses: Memory corruption vulnerabilities found in library

2023-09-14 11:30:00

apple

About the security content of macOS Big Sur 11.7.9

2023-07-24 00:00:00

About the security content of macOS Monterey 12.6.8

2023-07-24 00:00:00

About the security content of macOS Ventura 13.5

2023-07-24 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-29491