Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5477-1
HistoryJun 14, 2022 - 12:00 a.m.

ncurses vulnerabilities

2022-06-1400:00:00
ubuntu.com
37

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.2%

JSON

Releases

  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • ncurses - shared libraries for terminal handling (32-bit)

Details

Hosein Askari discovered that ncurses was incorrectly performing
memory management operations when dealing with long filenames while
writing structures into the file system. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2017-16879)

Chung-Yi Lin discovered that ncurses was incorrectly handling access
to invalid memory areas when parsing terminfo or termcap entries where
the use-name had invalid syntax. An attacker could possibly use this
issue to cause a denial of service. (CVE-2018-19211)

It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. (CVE-2019-17594)

It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. (CVE-2019-17595)

It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2021-39537)

It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information.
(CVE-2022-29458)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlibtinfo5< 6.0+20160213-1ubuntu1+esm2UNKNOWN
Ubuntu16.04noarchlib32ncurses5< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncurses5-dbgsym< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncurses5-dev< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncurses5-dev-dbgsym< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncursesw5< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncursesw5-dbgsym< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncursesw5-dev< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncursesw5-dev-dbgsym< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32tinfo-dev< 6.0+20160213-1ubuntu1UNKNOWN
Rows per page:
1-10 of 751

Related

openvas 51
nessus 64
osv 12
cloudfoundry 1
ubuntu 1
suse 8
gentoo 1
amazon 1
rocky 1
oraclelinux 1
rosalinux 3
ibm 1
redhat 1
almalinux 1
mageia 1
redhatcve 6
debiancve 6
cve 6
prion 6
ubuntucve 6
alpinelinux 5
cbl_mariner 4
veracode 4
debian 2
redos 1
f5 1
photon 4
openvas
openvas
Ubuntu: Security Advisory (USN-5477-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-6099-1)
2023-05-24 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2019-2544)
2020-01-23 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : ncurses vulnerabilities (USN-5477-1)
2022-06-14 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : ncurses vulnerabilities (USN-6099-1)
2023-05-23 00:00:00
openSUSE Security Update : ncurses (openSUSE-2019-2551)
2019-11-25 00:00:00
osv
osv
ncurses vulnerabilities
2022-06-14 11:17:52
ncurses vulnerabilities
2023-05-23 11:56:42
Moderate: ncurses security update
2021-11-09 09:21:17
cloudfoundry
cloudfoundry
USN-6099-1: ncurses vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
ubuntu
ubuntu
ncurses vulnerabilities
2023-05-23 00:00:00
suse
suse
Security update for ncurses (moderate)
2019-11-23 00:00:00
Security update for ncurses (moderate)
2019-11-23 00:00:00
Security update for ncurses (important)
2018-12-08 00:15:32
gentoo
gentoo
ncurses: Multiple vulnerabilities
2021-01-26 00:00:00
amazon
amazon
Medium: ncurses
2022-12-01 20:31:00
rocky
rocky
ncurses security update
2021-11-09 09:21:17
oraclelinux
oraclelinux
ncurses security update
2021-11-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2364
2024-03-05 08:27:01
Advisory ROSA-SA-2021-1927
2021-07-02 17:32:26
Advisory ROSA-SA-2023-2263
2023-10-22 05:30:45
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to sensitive information exposure due to GNU ncurses (CVE-2019-17595, CVE-2019-17594)
2022-08-04 13:03:37
redhat
redhat
(RHSA-2021:4426) Moderate: ncurses security update
2021-11-09 09:21:17
almalinux
almalinux
Moderate: ncurses security update
2021-11-09 09:21:17
mageia
mageia
Updated ncurses packages fix security vulnerabilities
2019-12-14 03:37:02
redhatcve
redhatcve
CVE-2018-19211
2018-11-22 13:19:14
CVE-2017-16879
2017-11-27 17:20:48
CVE-2021-39537
2021-09-22 19:10:18
debiancve
debiancve
CVE-2018-19211
2018-11-12 19:29:00
CVE-2017-16879
2017-11-22 22:29:00
CVE-2021-39537
2021-09-20 16:15:00
cve
cve
CVE-2018-19211
2018-11-12 19:29:00
CVE-2017-16879
2017-11-22 22:29:00
CVE-2021-39537
2021-09-20 16:15:00
prion
prion
Null pointer dereference
2018-11-12 19:29:00
Stack overflow
2017-11-22 22:29:00
Heap overflow
2021-09-20 16:15:00
ubuntucve
ubuntucve
CVE-2017-16879
2017-11-22 00:00:00
CVE-2019-17594
2019-10-14 00:00:00
CVE-2021-39537
2021-09-20 00:00:00
alpinelinux
alpinelinux
CVE-2021-39537
2021-09-20 16:15:00
CVE-2017-16879
2017-11-22 22:29:00
CVE-2019-17594
2019-10-14 21:15:00
cbl_mariner
cbl_mariner
CVE-2021-39537 affecting package ncurses 6.2-6
2021-11-06 00:29:52
CVE-2021-39537 affecting package ncurses 6.2-5
2022-04-26 19:57:37
CVE-2022-29458 affecting package ncurses 6.3-1
2022-10-05 23:33:40
veracode
veracode
Denial Of Service (DoS)
2021-12-09 17:11:49
Buffer Overflow
2021-11-13 00:40:53
Buffer Overflow
2021-11-13 00:40:51
debian
debian
[SECURITY] [DLA 3167-1] ncurses security update
2022-10-29 08:51:46
[SECURITY] [DLA 3682-1] ncurses security update
2023-12-03 18:46:35
redos
redos
ROS-20231013-02
2023-10-13 00:00:00
f5
f5
K000138977 : ncurses vulnerability CVE-2022-29458
2024-03-21 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0192
2022-06-01 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0281
2020-02-28 00:00:00
Important Photon OS Security Update - PHSA-2021-0445
2021-10-20 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.2%

JSON
Related for USN-5477-1
openvas51nessus64osv12cloudfoundry1ubuntu1suse8gentoo1amazon1rocky1oraclelinux1rosalinux3ibm1redhat1almalinux1mageia1redhatcve6debiancve6cve6prion6ubuntucve6alpinelinux5cbl_mariner4veracode4debian2redos1f51photon4