rpm package
suse/ncurses&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-50495 | — | < 5.9-85.1 | 5.9-85.1 | Dec 12, 2023 | NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). | ||
| CVE-2023-29491 | — | < 5.9-81.1 | 5.9-81.1 | Apr 14, 2023 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | ||
| CVE-2022-29458 | — | < 5.9-78.1 | 5.9-78.1 | Apr 18, 2022 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | ||
| CVE-2021-39537 | — | < 5.9-75.1 | 5.9-75.1 | Sep 20, 2021 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. | ||
| CVE-2019-17594 | — | < 5.9-69.1 | 5.9-69.1 | Oct 14, 2019 | There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | ||
| CVE-2019-17595 | — | < 5.9-69.1 | 5.9-69.1 | Oct 14, 2019 | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
- CVE-2023-50495Dec 12, 2023affected < 5.9-85.1fixed 5.9-85.1
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
- CVE-2023-29491Apr 14, 2023affected < 5.9-81.1fixed 5.9-81.1
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
- CVE-2022-29458Apr 18, 2022affected < 5.9-78.1fixed 5.9-78.1
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
- CVE-2021-39537Sep 20, 2021affected < 5.9-75.1fixed 5.9-75.1
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
- CVE-2019-17594Oct 14, 2019affected < 5.9-69.1fixed 5.9-69.1
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
- CVE-2019-17595Oct 14, 2019affected < 5.9-69.1fixed 5.9-69.1
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.