rpm package
almalinux/ncurses-compat-libs
pkg:rpm/almalinux/ncurses-compat-libs
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-29491 | — | < 6.1-9.20180224.el8_8.1 | 6.1-9.20180224.el8_8.1 | Apr 14, 2023 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | ||
| CVE-2019-17594 | — | < 6.1-9.20180224.el8 | 6.1-9.20180224.el8 | Oct 14, 2019 | There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | ||
| CVE-2019-17595 | — | < 6.1-9.20180224.el8 | 6.1-9.20180224.el8 | Oct 14, 2019 | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
- CVE-2023-29491Apr 14, 2023affected < 6.1-9.20180224.el8_8.1fixed 6.1-9.20180224.el8_8.1
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
- CVE-2019-17594Oct 14, 2019affected < 6.1-9.20180224.el8fixed 6.1-9.20180224.el8
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
- CVE-2019-17595Oct 14, 2019affected < 6.1-9.20180224.el8fixed 6.1-9.20180224.el8
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.