Unity Linux 20.1060e / 20.1070e Security Update: ncurses (UTSA-2026-017429)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017429 advisory. An issue was discovered in ncurses through v6.2-1. nccaptoinfo in captoinfo.c has a heap-based buffer overflow. Tenable has extracted the preceding description block...

CLSA-2026-1776163577 ncurses: Fix of CVE-2025-69720

CVE-2025-69720: add a limit-check in infocmp -i option's analyzestring function to prevent stack-based buffer overflow from upstream ncurses 6.5 patchlevel 20251213...

Photon OS 5.0: Ncurses PHSA-2026-5.0-0836

An update of the ncurses package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0836. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Ncurses PHSA-2026-4.0-1006

An update of the ncurses package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1006. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

JLSEC-2026-447

Buffer Overflow vulnerability in fmtentry function in progs/dumpentry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command...

JLSEC-2026-442

In ncurses 6.1, there is a NULL pointer dereference at function ncparseentry in parseentry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character ' in name or alias field" detection...

JLSEC-2026-445

Buffer Overflow vulnerability in oneonemapping function in progs/dumpentry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command...

JLSEC-2026-449

Buffer Overflow vulnerability in postprocessterminfo function in tinfo/parseentry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command...

JLSEC-2026-443

There is a heap-based buffer over-read in the ncfindentry function in tinfo/comphash.c in the terminfo library in ncurses before 6.1-20191012...

JLSEC-2026-451

An issue was discovered in ncurses through v6.2-1. nccaptoinfo in captoinfo.c has a heap-based buffer overflow...

JLSEC-2026-452

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convertstrings in tinfo/readentry.c in the terminfo library...

JLSEC-2026-453

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

JLSEC-2026-454 A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic....

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocesstermcap of the file tinfo/parseentry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to...

JLSEC-2026-446

Buffer Overflow vulnerability in ncfindentry function in tinfo/comphash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command...

JLSEC-2026-448

Buffer Overflow vulnerability in fmtentry function in progs/dumpentry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command...

JLSEC-2026-450

Buffer Overflow vulnerability in ncfindentry in tinfo/comphash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command...

Astra Linux - уязвимость в ncurses

An issue was discovered in ncurses through v6.2-1. nccaptoinfo in captoinfo.c has a heap-based buffer overflow...

Astra Linux - уязвимость в ncurses

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convertstrings in tinfo/readentry.c in the terminfo library...

Astra Linux - уязвимость в ncurses

ncurses before version 6.4, as of 20230408, when used by a setuid application, allowed local users to cause security-related memory corruption through malformed data in a terminfo database file located in $HOME/.terminfo, or accessible via the TERMINFO or TERM environment variables...

Astra Linux - уязвимость в ncurses

A buffer overflow vulnerability exists in the postprocessterminfo function in tinfo/parseentry.c:997 within ncurses 6.1. This vulnerability allows remote attackers to cause a denial of service by using crafted commands...