CLSA-2025-1739387560 ncurses: Fix of CVE-2023-29491

CVE-2023-29491: fix triggering memory corruption via malformed terminfo database file when used by a setuid application...

CentOS 9 : ncurses-6.2-10.20210508.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ncurses-6.2-10.20210508.el9 build changelog. - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corruption via...

CentOS 9 : ncurses-6.2-9.20210508.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ncurses-6.2-9.20210508.el9 build changelog. - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corruption via...

CVE-2023-45918

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Fedora 38 : ncurses (2024-96090dafaf)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-96090dafaf advisory. Update to newer ncurses version, which fixes CVE-2023-29491 and CVE-2023-50495. Tenable has extracted the preceding description block directly from...

RHEL 8 : ncurses (RHSA-2024:0416)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0416 advisory. The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses...

EulerOS 2.0 SP11 : ncurses (EulerOS-SA-2023-2699)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corruption via malforme...

EulerOS Virtualization 2.9.0 : ncurses (EulerOS-SA-2023-2989)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corrupti...

EulerOS Virtualization 3.0.6.0 : ncurses (EulerOS-SA-2023-3438)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corrupti...

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-3438)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ncurses: Local users can trigger security-relevant memory corruption via malformed data

A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

Oracle Linux 9 : ncurses (ELSA-2023-6698)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6698 advisory. - fix buffer overflow on terminfo with too many capabilities CVE-2023-29491 Tenable has extracted the preceding description block directly from the Oracle Linux...

RHEL 9 : ncurses (RHSA-2023:6698)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6698 advisory. The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses...

A vulnerability was found in ncurses and occurs when used by a setuid application. (CVE-2023-29491)

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

ncurses: Local users can trigger security-relevant memory corruption via malformed data

A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-2699)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-19190

A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. Mitigation Do not compile or decompile untrusted terminfo descriptions...

CVE-2020-19189

A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. Mitigation Do not compile or decompile untrusted terminfo descriptions...

CVE-2020-19188

A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash. Mitigation Do not compile or decompile untrusted terminfo descriptions...

CVE-2020-19185

A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash. Mitigation Do not compile or decompile untrusted terminfo descriptions...