36 matches found
JLSEC-2026-453
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Out-of-bounds Write (CVE-2023-29491)
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. This plugin only works with...
EUVD-2017-2749
Malware in sbrugna...
NewStart CGSL MAIN 6.06 : ncurses Multiple Vulnerabilities (NS-SA-2025-0223)
The remote NewStart CGSL host, running version MAIN 6.06, has ncurses packages installed that are affected by multiple vulnerabilities: - In ncurses 6.0, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...
Oracle Linux 9 : ncurses (ELSA-2025-12876)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12876 advisory. 6.2-10.20210508.el96.2 - remove execute permissions from ANNOUNCE file RHEL-102738 6.2-10.20210508.el96.1 - guard against corrupt terminfo data in string...
ncurses: Local users can trigger security-relevant memory corruption via malformed data
A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
ncurses: Local users can trigger security-relevant memory corruption via malformed data
A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
OESA-2023-1426 ncurses security update
The ncurses new curses library is a free software emulation of curses in System V Release 4.0 SVr4, and more. It uses terminfo format, supports pads and color and multiple highlights and forms characters and function-key mapping, and has all the other SVr4-curses enhancements over BSD curses. SVr...
SUSE-SU-2023:2112-1 Security update for ncurses
This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data bsc1210434...
SUSE-SU-2023:2111-1 Security update for ncurses
This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data bsc1210434...
ncurses before 6.4 20230408 when used by a setuid application allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
...
SUSE CVE-2023-29491
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
DEBIAN-CVE-2023-29491
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
ALPINE-CVE-2023-29491
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
UBUNTU-CVE-2023-29491
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
Medium: ncurses
Issue Overview: The ncurses package tic is susceptible to a heap overflow on crafted input. When the terminfo entry-description compiler processes input, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the convertstrings function in tinfo/readentry.c, which allows attackers to crash the service when processing corrupt terminfo data. Remediation Upgrade ncurses to version 6.3 or higher. References - GitHub Commit ...
CVE-2022-29458
A segmentation fault vulnerability was found in ncurses's convertstrings function of tinfo/readentry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error...
EulerOS Virtualization 2.5.0 : ncurses (EulerOS-SA-2018-1338)
According to the version of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference was found in the way the ncparseentry function parses terminfo data for compilation. An attacker able to...
EulerOS Virtualization 2.5.2 : ncurses (EulerOS-SA-2018-1276)
According to the version of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference was found in the way the ncparseentry function parses terminfo data for compilation. An attacker able to...