27 matches found
CVE-2022-29458
CVE-2022-29458 affects ncurses 6.3 prior to patch 20220416, with an out-of-bounds read in tinfo/read_entry.c (convert_strings) leading to a segmentation fault. Connected sources confirm the issue is tied to the terminfo processor and mention Linux distributions (e.g., Astra Linux, Cloud Foundry) ...
CVE-2019-17594
CVE-2019-17594 affects ncurses’ terminfo library (ncurses) prior to 6.1-20191012. The issue is a heap-based over-read in the _nc_find_entry function in tinfo/comp_hash.c, which could allow an attacker to read memory and potentially obtain sensitive information from a crafted file. This aligns wit...
CVE-2019-17595
CVE-2019-17595 affects ncurses' terminfo library (ncurses) prior to 6.1-20191012, due to a heap-based buffer over-read in the fmt_entry function (tinfo/comp_hash.c). This over-read can leak memory contents and may contribute to instability; CVSS v3.1 base score 5.4 (medium) with Network attack ve...
CVE-2023-29491
CVE-2023-29491 affects ncurses before 6.4 20230408 and is exploitable locally when used by a setuid application to trigger memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or via TERMINFO/TERM. The issue is a local memory corruption vu...
CVE-2021-39537
CVE-2021-39537 affects ncurses: _nc_captoinfo in captoinfo.c has a heap-based buffer overflow when processing terminfo data, observed in ncurses up to v6.2-1. Connected advisories confirm this is a real issue and provide mitigations/patch paths: Debian DLA-3682-1 and related Debian notes, Cloud F...
CVE-2017-10684
CVE-2017-10684 affects the ncurses (new curses) library up to version 6.0, with a stack-based buffer overflow in fmt_entry that could allow a remote attacker to execute arbitrary code. The connected documents confirm the vulnerability context but do not provide a specific patch version or remedia...
CVE-2017-10685
CVE-2017-10685 affects the ncurses (new curses) library. The vulnerability is a format-string flaw in the fmt_entry function, allowing a remote authenticated attacker to potentially execute arbitrary code by supplying a crafted input. The IBM X-Force entry for this CVE lists a base score of 7.3 (...
CVE-2017-16879
CVE-2017-16879 affects ncurses: a stack-based buffer overflow in the _nc_write_entry function (tinfo/write_entry.c) can be triggered by a crafted terminfo file. This may cause an application crash (DoS) and could possibly lead to arbitrary code execution. The connected documents provide this conc...
CVE-2020-19189
CVE-2020-19189: ncurses 6.1 contains a Buffer Overflow in postprocess_terminfo (tinfo/parse_entry.c:997) that enables a remote attacker to trigger a denial of service via crafted input. Connected Astra Linux advisory reiterates the same ncurses vulnerability. The description confirms vulnerable c...
CVE-2017-13731
CVE-2017-13731: ncurses 6.0 contains an illegal address access in postprocess_termcap() within parse_entry.c, leading to a remote denial of service. This is described in the connected Nessus entry (NS-SA-2025-0223) as part of multiple ncurses vulnerabilities, explicitly listing CVE-2017-13731 an...
CVE-2017-13733
CVE-2017-13733 affects ncurses 6.0 with an illegal address access in fmt_entry (progs/dump_entry.c) that could enable remote denial of service. Remediation: upgrade Cloud Pak for Security CP4S to 1.9.0 as stated in the fixes.
CVE-2017-11112
CVE-2017-11112 affects ncurses 6.0. The vulnerability is in the append_acs path of tinfo/parse_entry.c, where an attempted 0xffffffffffffffff access could be triggered while processing untrusted terminfo data, leading to a remote denial of service. The connected documents explicitly describe this...
CVE-2017-13732
CVE-2017-13732 affects ncurses 6.0; there is an illegal address access in the dump_uses() function (progs/dump_entry.c) that could enable remote denial of service. Connected docs confirm this CVE entry and describe the DoS impact. The provided materials do not supply a fix version or remediation ...
CVE-2017-13734
CVE-2017-13734 is a vulnerability in ncurses (NCurses 6.0) where an illegal address access in the _nc_safe_strcat function (strings.c) can be triggered by processing a specially crafted file, leading to remote denial of service. The provided connected document confirms this specific CVE detail an...
CVE-2017-13730
CVE-2017-13730 affects ncurses 6.0. The vulnerability is an illegal address access in the function _nc_read_entry_source() within progs/tic.c. This could lead to a remote denial of service when processing terminfo data via tic-related code paths. The initial document confirms a DoS risk...
CVE-2017-13728
CVE-2017-13728 affects ncurses 6.0 with an infinite loop in the next_char function (comp_scan.c) tied to libtic. A crafted input can trigger a remote denial-of-service via an infinite loop. The connected Nessus plugin explicitly lists this CVE under “ncurses 6.0” with the next_char issu...
CVE-2017-13729
The CVE-2017-13729 entry maps to ncurses 6.0 with an illegal address access in _nc_save_str (alloc_entry.c) that could enable a remote denial-of-service. Connected reports confirm the affected component and the DoS impact; no exploit details or fixes are provided beyond the generic vulnerability ...
CVE-2017-11113
CVE-2017-11113 (ncurses): A NULL pointer dereference in _nc_parse_entry (tinfo/parse_entry.c) of ncurses 6.0 can allow a remote attacker to cause a denial of service when processing untrusted terminfo data. The entry cites an IBM X-Force base score of 7.5 (HIGH) and references to Linux/Unix term...
CVE-2020-19190
CVE-2020-19190: NCurses 6.1 contains a heap-based or buffer overflow in the _nc_find_entry function (tinfo/comp_hash.c:70) that can be triggered by a crafted command, allowing a remote attacker to cause a denial of service. The connected documents confirm this exact issue and its impact but do n...
CVE-2020-19185
CVE-2020-19185 is a remote-denial-of-service vulnerability in ncurses 6.1, caused by a buffer overflow in the one_one_mapping function (progs/dump_entry.c:1373). Exploitation requires sending a crafted command to a vulnerable system, with IBM/X-Force/Nessus disclosures confirming a heap/over-read...
CVE-2018-19211
CVE-2018-19211: In ncurses 6.1, a NULL pointer dereference in _nc_parse_entry (parse_entry.c) can cause a denial of service by following the dereference path even after detecting a dubious character in the name/alias field. The provided documents identify the vulnerable component as ncurses 6.1 a...
CVE-2002-0062
CVE-2002-0062 is a local privilege-escalation in ncurses 5.0 and the ncurses4 compatibility package, caused by a buffer overflow in routines for moving the physical cursor and scrolling. Debian and Red Hat advisories describe the issue and assign CAN-2002-0062. Affected products include ncurses 5...
CVE-2020-19186
CVE-2020-19186 is a vulnerability in the ncurses library. The connected document specifies a Buffer Overflow in the _nc_find_entry function (tinfo/comp_hash.c:66) affecting ncurses 6.1 that allows remote attackers to cause a denial of service via crafted commands. The Siemens Tenable OT plugin re...
CVE-2020-19187
CVE-2020-19187 is a buffer overflow in ncurses' fmt_entry function (progs/dump_entry.c:1100) on ncurses 6.1 that allows remote DoS via crafted input. Connected Nessus/NASL entries corroborate the issue and reference the same affected component/trigger. No in-the-wild exploit details are provided. Rem...
CVE-2020-19188
CVE-2020-19188: Affected product is ncurses 6.1. The vulnerability is a buffer overflow in fmt_entry() (progs/dump_entry.c:1116) that allows remote attackers to cause a denial of service via crafted commands. The connected documents confirm the existence and impact but do not provide concrete re...
CVE-2018-19217
CVE-2018-19217 refers to a NULL pointer dereference in ncurses, likely in a 6.x release, at the function _nc_name_match, which can cause a denial of service. The available connected data reiterates that the issue’s original report cited version 6.1, but that version did not reproduce the flaw acc...
CVE-2000-0963
The CVE-2000-0963 vulnerability is a local buffer overflow in the ncurses library that can allow execution of arbitrary commands via overly long environment variables (TERM or TERMINFO_DIRS). Connected PT-2000-1003 and other records specify affected software as ncurses versions 5.0–5.2 and ncurse...