CVE-2022-29458
CVE-2022-29458 affects ncurses 6.3 prior to patch 20220416, with an out-of-bounds read in tinfo/read_entry.c (convert_strings) leading to a segmentation fault. Connected sources confirm the issue is tied to the terminfo processor and mention Linux distributions (e.g., Astra Linux, Cloud Foundry) ...
CVE-2019-17594
CVE-2019-17594 affects ncurses’ terminfo library (ncurses) prior to 6.1-20191012. The issue is a heap-based over-read in the _nc_find_entry function in tinfo/comp_hash.c, which could allow an attacker to read memory and potentially obtain sensitive information from a crafted file. This aligns wit...
CVE-2019-17595
CVE-2019-17595 affects ncurses' terminfo library (ncurses) prior to 6.1-20191012, due to a heap-based buffer over-read in the fmt_entry function (tinfo/comp_hash.c). This over-read can leak memory contents and may contribute to instability; CVSS v3.1 base score 5.4 (medium) with Network attack ve...
CVE-2023-29491
CVE-2023-29491 affects ncurses before 6.4 20230408. When ncurses is used by a setuid application, a local user can trigger memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or via TERMINFO/TERM. The issue is a local memory corruption vu...
CVE-2002-0062
CVE-2002-0062 is a local privilege-escalation vulnerability in ncurses 5.0 and the ncurses4 compatibility package, caused by a buffer overflow in routines for moving the physical cursor and scrolling. Debian and Red Hat advisories describe the issue and assign CAN-2002-0062. Affected products include ncurses 5...
CVE-2000-0963
The CVE-2000-0963 vulnerability is a local buffer overflow in the ncurses library that can allow execution of arbitrary commands via overly long environment variables (TERM or TERMINFO_DIRS). Connected PT-2000-1003 and other records specify affected software as ncurses versions 5.0–5.2 and ncurse...