rpm package

suse/ncurses&distro=SUSE Linux Enterprise Software Development Kit 12 SP3

pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Vulnerabilities (12)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-19211		—	< 5.9-61.1	5.9-61.1	Nov 12, 2018	In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
CVE-2017-13734	Med	6.5	< 5.9-58.1	5.9-58.1	Aug 29, 2017	There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.
CVE-2017-13733	Med	6.5	< 5.9-55.1	5.9-55.1	Aug 29, 2017	There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVE-2017-13732	Med	6.5	< 5.9-55.1	5.9-55.1	Aug 29, 2017	There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVE-2017-13731	Med	6.5	< 5.9-55.1	5.9-55.1	Aug 29, 2017	There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
CVE-2017-13730	Med	6.5	< 5.9-55.1	5.9-55.1	Aug 29, 2017	There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVE-2017-13729	Med	6.5	< 5.9-55.1	5.9-55.1	Aug 29, 2017	There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
CVE-2017-13728	Hig	7.5	< 5.9-55.1	5.9-55.1	Aug 29, 2017	There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
CVE-2017-11113	Hig	7.5	< 5.9-50.1	5.9-50.1	Jul 8, 2017	In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
CVE-2017-11112	Hig	7.5	< 5.9-50.1	5.9-50.1	Jul 8, 2017	In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
CVE-2017-10685	Cri	9.8	< 5.9-50.1	5.9-50.1	Jun 29, 2017	In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVE-2017-10684	Cri	9.8	< 5.9-50.1	5.9-50.1	Jun 29, 2017	In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

CVE-2018-19211Nov 12, 2018
affected < 5.9-61.1fixed 5.9-61.1
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
CVE-2017-13734MedAug 29, 2017
affected < 5.9-58.1fixed 5.9-58.1
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.
CVE-2017-13733MedAug 29, 2017
affected < 5.9-55.1fixed 5.9-55.1
There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVE-2017-13732MedAug 29, 2017
affected < 5.9-55.1fixed 5.9-55.1
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVE-2017-13731MedAug 29, 2017
affected < 5.9-55.1fixed 5.9-55.1
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
CVE-2017-13730MedAug 29, 2017
affected < 5.9-55.1fixed 5.9-55.1
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVE-2017-13729MedAug 29, 2017
affected < 5.9-55.1fixed 5.9-55.1
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
CVE-2017-13728HigAug 29, 2017
affected < 5.9-55.1fixed 5.9-55.1
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
CVE-2017-11113HigJul 8, 2017
affected < 5.9-50.1fixed 5.9-50.1
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
CVE-2017-11112HigJul 8, 2017
affected < 5.9-50.1fixed 5.9-50.1
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
CVE-2017-10685CriJun 29, 2017
affected < 5.9-50.1fixed 5.9-50.1
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVE-2017-10684CriJun 29, 2017
affected < 5.9-50.1fixed 5.9-50.1
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.