rpm package
almalinux/ncurses-devel
pkg:rpm/almalinux/ncurses-devel
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-69720 | — | < 6.4-15.20240127.el10_1 | 6.4-15.20240127.el10_1 | Mar 19, 2026 | The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. | ||
| CVE-2023-29491 | — | < 6.1-9.20180224.el8_8.1 | 6.1-9.20180224.el8_8.1 | Apr 14, 2023 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | ||
| CVE-2019-17594 | — | < 6.1-9.20180224.el8 | 6.1-9.20180224.el8 | Oct 14, 2019 | There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | ||
| CVE-2019-17595 | — | < 6.1-9.20180224.el8 | 6.1-9.20180224.el8 | Oct 14, 2019 | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
- CVE-2025-69720Mar 19, 2026affected < 6.4-15.20240127.el10_1fixed 6.4-15.20240127.el10_1
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
- CVE-2023-29491Apr 14, 2023affected < 6.1-9.20180224.el8_8.1fixed 6.1-9.20180224.el8_8.1
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
- CVE-2019-17594Oct 14, 2019affected < 6.1-9.20180224.el8fixed 6.1-9.20180224.el8
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
- CVE-2019-17595Oct 14, 2019affected < 6.1-9.20180224.el8fixed 6.1-9.20180224.el8
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.