CLSA-2025-1739387560 ncurses: Fix of CVE-2023-29491

CVE-2023-29491: fix triggering memory corruption via malformed terminfo database file when used by a setuid application...

CentOS 9 : ncurses-6.2-10.20210508.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ncurses-6.2-10.20210508.el9 build changelog. - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corruption via...

CentOS 9 : ncurses-6.2-9.20210508.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ncurses-6.2-9.20210508.el9 build changelog. - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corruption via...

CVE-2023-45918

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Fedora 38 : ncurses (2024-96090dafaf)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-96090dafaf advisory. Update to newer ncurses version, which fixes CVE-2023-29491 and CVE-2023-50495. Tenable has extracted the preceding description block directly from...

RHEL 8 : ncurses (RHSA-2024:0416)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0416 advisory. The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses...

EulerOS Virtualization 3.0.6.0 : ncurses (EulerOS-SA-2023-3438)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corrupti...

EulerOS Virtualization 2.9.0 : ncurses (EulerOS-SA-2023-2989)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corrupti...

EulerOS 2.0 SP11 : ncurses (EulerOS-SA-2023-2699)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corruption via malforme...

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-3438)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ncurses: Local users can trigger security-relevant memory corruption via malformed data

A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

Oracle Linux 9 : ncurses (ELSA-2023-6698)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6698 advisory. - fix buffer overflow on terminfo with too many capabilities CVE-2023-29491 Tenable has extracted the preceding description block directly from the Oracle Linux...

A vulnerability was found in ncurses and occurs when used by a setuid application. (CVE-2023-29491)

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

RHEL 9 : ncurses (RHSA-2023:6698)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6698 advisory. The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses...

ncurses: Local users can trigger security-relevant memory corruption via malformed data

A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

The vulnerability of the input/output library for the ncurses terminal relates to the ability to write beyond the buffer boundaries into memory, allowing an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the input/output library for the ncurses terminal relates to the possibility of writing beyond the buffer boundaries into memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information b...

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-2699)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-19190

A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. Mitigation Do not compile or decompile untrusted terminfo descriptions...

CVE-2020-19189

A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. Mitigation Do not compile or decompile untrusted terminfo descriptions...

CVE-2020-19188

A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. Mitigation Do not compile or decompile untrusted terminfo descriptions...