Ncurses@6.0 Security Vulnerabilities and Issues — Ncurses@6.0 CVE List

Lucene search

GnuNcurses6.0

12 matches found

CVE•added 2017/06/29 11:29 p.m.•160 views

CVE-2017-10684

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

9.8CVSS7.8AI score0.02163EPSS

CVE•added 2017/06/29 11:29 p.m.•155 views

CVE-2017-10685

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

9.8CVSS7.5AI score0.00436EPSS

CVE•added 2017/11/22 10:29 p.m.•120 views

CVE-2017-16879

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

7.8CVSS8.1AI score0.00291EPSS

CVE•added 2017/08/29 6:29 a.m.•115 views

CVE-2017-13731

There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.

6.5CVSS6AI score0.0007EPSS

CVE•added 2017/08/29 6:29 a.m.•114 views

CVE-2017-13733

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

6.5CVSS6AI score0.00107EPSS

CVE•added 2017/07/08 5:29 p.m.•109 views

CVE-2017-11112

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

7.5CVSS7AI score0.00076EPSS

CVE•added 2017/08/29 6:29 a.m.•108 views

CVE-2017-13730

There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.

6.5CVSS6AI score0.00082EPSS

CVE•added 2017/08/29 6:29 a.m.•105 views

CVE-2017-13728

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

7.5CVSS5.9AI score0.00108EPSS

CVE•added 2017/08/29 6:29 a.m.•105 views

CVE-2017-13734

There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.

6.5CVSS5.8AI score0.00188EPSS

CVE•added 2017/08/29 6:29 a.m.•104 views

CVE-2017-13729

There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.

6.5CVSS6AI score0.0007EPSS

CVE•added 2017/07/08 5:29 p.m.•103 views

CVE-2017-11113

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

7.5CVSS7AI score0.00077EPSS

CVE•added 2017/08/29 6:29 a.m.•103 views

CVE-2017-13732

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

6.5CVSS6AI score0.00082EPSS