Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ncurses vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-15547
An issue exists in the ncurses crate up to and including 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.
Ncurses Project Ncurses
1 Github repository
9.8
CVSSv3
CVE-2019-15548
An issue exists in the ncurses crate up to and including 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled.
Ncurses Project Ncurses
1 Github repository
7.1
CVSSv3
CVE-2022-29458
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Gnu Ncurses 6.3
Gnu Ncurses
Apple Macos
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2023-29491
ncurses prior to 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Gnu Ncurses
5.5
CVSSv3
CVE-2018-19211
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
Gnu Ncurses 6.1
9.8
CVSSv3
CVE-2017-10684
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Gnu Ncurses 6.0
2 Github repositories
9.8
CVSSv3
CVE-2017-10685
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Gnu Ncurses 6.0
2 Github repositories
7.5
CVSSv3
CVE-2017-13728
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
Gnu Ncurses 6.0
6.5
CVSSv3
CVE-2017-13729
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
Gnu Ncurses 6.0
6.5
CVSSv3
CVE-2017-13730
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
Gnu Ncurses 6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »