Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-5477-1
HistoryJun 14, 2022 - 11:17 a.m.

ncurses vulnerabilities

2022-06-1411:17:52
Google
osv.dev
1

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.2%

JSON

Hosein Askari discovered that ncurses was incorrectly performing
memory management operations when dealing with long filenames while
writing structures into the file system. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2017-16879)

Chung-Yi Lin discovered that ncurses was incorrectly handling access
to invalid memory areas when parsing terminfo or termcap entries where
the use-name had invalid syntax. An attacker could possibly use this
issue to cause a denial of service. (CVE-2018-19211)

It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. (CVE-2019-17594)

It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. (CVE-2019-17595)

It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2021-39537)

It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information.
(CVE-2022-29458)

Related

openvas 50
ubuntu 2
nessus 64
cloudfoundry 1
osv 11
suse 8
gentoo 1
rocky 1
ibm 1
rosalinux 3
oraclelinux 1
mageia 1
almalinux 1
amazon 1
redhat 1
redhatcve 6
debiancve 6
cve 6
prion 6
alpinelinux 5
ubuntucve 6
veracode 4
cbl_mariner 4
redos 1
debian 2
photon 5
f5 1
openvas
openvas
Ubuntu: Security Advisory (USN-5477-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-6099-1)
2023-05-24 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2019-2544)
2020-01-23 00:00:00
ubuntu
ubuntu
ncurses vulnerabilities
2022-06-14 00:00:00
ncurses vulnerabilities
2023-05-23 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : ncurses vulnerabilities (USN-5477-1)
2022-06-14 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : ncurses vulnerabilities (USN-6099-1)
2023-05-23 00:00:00
openSUSE Security Update : ncurses (openSUSE-2019-2551)
2019-11-25 00:00:00
cloudfoundry
cloudfoundry
USN-6099-1: ncurses vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
osv
osv
ncurses vulnerabilities
2023-05-23 11:56:42
Moderate: ncurses security update
2021-11-09 09:21:17
Moderate: ncurses security update
2021-11-09 09:21:17
suse
suse
Security update for ncurses (moderate)
2019-11-23 00:00:00
Security update for ncurses (moderate)
2019-11-23 00:00:00
Security update for ncurses (important)
2018-12-08 00:15:32
gentoo
gentoo
ncurses: Multiple vulnerabilities
2021-01-26 00:00:00
rocky
rocky
ncurses security update
2021-11-09 09:21:17
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to sensitive information exposure due to GNU ncurses (CVE-2019-17595, CVE-2019-17594)
2022-08-04 13:03:37
rosalinux
rosalinux
Advisory ROSA-SA-2024-2364
2024-03-05 08:27:01
Advisory ROSA-SA-2021-1927
2021-07-02 17:32:26
Advisory ROSA-SA-2023-2263
2023-10-22 05:30:45
oraclelinux
oraclelinux
ncurses security update
2021-11-16 00:00:00
mageia
mageia
Updated ncurses packages fix security vulnerabilities
2019-12-14 03:37:02
almalinux
almalinux
Moderate: ncurses security update
2021-11-09 09:21:17
amazon
amazon
Medium: ncurses
2022-12-01 20:31:00
redhat
redhat
(RHSA-2021:4426) Moderate: ncurses security update
2021-11-09 09:21:17
redhatcve
redhatcve
CVE-2018-19211
2018-11-22 13:19:14
CVE-2017-16879
2017-11-27 17:20:48
CVE-2019-17595
2019-10-29 16:34:51
debiancve
debiancve
CVE-2018-19211
2018-11-12 19:29:00
CVE-2017-16879
2017-11-22 22:29:00
CVE-2021-39537
2021-09-20 16:15:00
cve
cve
CVE-2018-19211
2018-11-12 19:29:00
CVE-2017-16879
2017-11-22 22:29:00
CVE-2019-17595
2019-10-14 21:15:00
prion
prion
Null pointer dereference
2018-11-12 19:29:00
Stack overflow
2017-11-22 22:29:00
Heap overflow
2021-09-20 16:15:00
alpinelinux
alpinelinux
CVE-2017-16879
2017-11-22 22:29:00
CVE-2019-17594
2019-10-14 21:15:00
CVE-2021-39537
2021-09-20 16:15:00
ubuntucve
ubuntucve
CVE-2017-16879
2017-11-22 00:00:00
CVE-2019-17594
2019-10-14 00:00:00
CVE-2019-17595
2019-10-14 00:00:00
veracode
veracode
Buffer Overflow
2021-11-13 00:40:53
Buffer Overflow
2021-11-13 00:40:51
Denial Of Service (DoS)
2021-12-09 17:11:49
cbl_mariner
cbl_mariner
CVE-2021-39537 affecting package ncurses 6.2-6
2021-11-06 00:29:52
CVE-2021-39537 affecting package ncurses for versions less than 6.2-6
2022-04-26 19:57:37
CVE-2022-29458 affecting package ncurses for versions less than 6.3-2
2022-10-05 23:33:40
redos
redos
ROS-20231013-02
2023-10-13 00:00:00
debian
debian
[SECURITY] [DLA 3167-1] ncurses security update
2022-10-29 08:51:46
[SECURITY] [DLA 3682-1] ncurses security update
2023-12-03 18:46:35
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0281
2020-02-28 00:00:00
Important Photon OS Security Update - PHSA-2022-0192
2022-06-01 00:00:00
Critical Photon OS Security Update - PHSA-2020-0281
2020-02-28 00:00:00
f5
f5
K000138977 : ncurses vulnerability CVE-2022-29458
2024-03-21 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.2%

JSON
Related for OSV:USN-5477-1
openvas50ubuntu2nessus64cloudfoundry1osv11suse8gentoo1rocky1ibm1rosalinux3oraclelinux1mageia1almalinux1amazon1redhat1redhatcve6debiancve6cve6prion6alpinelinux5ubuntucve6veracode4cbl_mariner4redos1debian2photon5f51