Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu ncurses vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2022-29458
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Gnu Ncurses 6.3
Gnu Ncurses
Apple Macos
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2021-39537
An issue exists in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Gnu Ncurses
Apple Mac Os X 10.12.6
Apple Macos 13.0
Apple Macos 11.7
5.3
CVSSv3
CVE-2019-17594
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses prior to 6.1-20191012.
Gnu Ncurses
Opensuse Leap 15.0
Opensuse Leap 15.1
5.4
CVSSv3
CVE-2019-17595
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses prior to 6.1-20191012.
Gnu Ncurses
Opensuse Leap 15.0
Opensuse Leap 15.1
5.5
CVSSv3
CVE-2018-19211
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
Gnu Ncurses 6.1
6.5
CVSSv3
CVE-2018-19217
In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a rel...
Gnu Ncurses 6.1
7.8
CVSSv3
CVE-2017-16879
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
Gnu Ncurses 6.0
7.5
CVSSv3
CVE-2017-13728
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
Gnu Ncurses 6.0
6.5
CVSSv3
CVE-2017-13729
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
Gnu Ncurses 6.0
6.5
CVSSv3
CVE-2017-13730
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
Gnu Ncurses 6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »