ncurses
by ncurses
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10685 | Cri | 0.64 | 9.8 | 0.04 | Jun 29, 2017 | In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | ||
| CVE-2017-10684 | Cri | 0.64 | 9.8 | 0.05 | Jun 29, 2017 | In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | ||
| CVE-2017-16879 | Hig | 0.51 | 7.8 | 0.02 | Nov 22, 2017 | Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. | ||
| CVE-2017-13728 | Hig | 0.49 | 7.5 | 0.04 | Aug 29, 2017 | There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | ||
| CVE-2017-11113 | Hig | 0.49 | 7.5 | 0.02 | Jul 8, 2017 | In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | ||
| CVE-2017-11112 | Hig | 0.49 | 7.5 | 0.02 | Jul 8, 2017 | In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | ||
| CVE-2025-69720 | Hig | 0.47 | 7.3 | 0.00 | Mar 19, 2026 | The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. | ||
| CVE-2017-13734 | Med | 0.42 | 6.5 | 0.02 | Aug 29, 2017 | There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. | ||
| CVE-2017-13733 | Med | 0.42 | 6.5 | 0.03 | Aug 29, 2017 | There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | ||
| CVE-2017-13732 | Med | 0.42 | 6.5 | 0.03 | Aug 29, 2017 | There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | ||
| CVE-2017-13731 | Med | 0.42 | 6.5 | 0.03 | Aug 29, 2017 | There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. | ||
| CVE-2017-13730 | Med | 0.42 | 6.5 | 0.03 | Aug 29, 2017 | There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. | ||
| CVE-2017-13729 | Med | 0.42 | 6.5 | 0.03 | Aug 29, 2017 | There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | ||
| CVE-2020-19187 | 0.00 | — | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||
| CVE-2020-19189 | 0.00 | — | 0.02 | Aug 22, 2023 | Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||
| CVE-2020-19185 | 0.00 | — | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||
| CVE-2020-19190 | 0.00 | — | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||
| CVE-2020-19188 | 0.00 | — | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||
| CVE-2020-19186 | 0.00 | — | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | |||
| CVE-2023-29491 | 0.00 | — | 0.01 | Apr 14, 2023 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. |
- risk 0.64cvss 9.8epss 0.04
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
- risk 0.64cvss 9.8epss 0.05
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
- risk 0.51cvss 7.8epss 0.02
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
- risk 0.49cvss 7.5epss 0.04
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
- risk 0.49cvss 7.5epss 0.02
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
- risk 0.49cvss 7.5epss 0.02
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
- risk 0.47cvss 7.3epss 0.00
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
- risk 0.42cvss 6.5epss 0.02
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.
- risk 0.42cvss 6.5epss 0.03
There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
- risk 0.42cvss 6.5epss 0.03
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
- risk 0.42cvss 6.5epss 0.03
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
- risk 0.42cvss 6.5epss 0.03
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
- risk 0.42cvss 6.5epss 0.03
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
- CVE-2020-19187Aug 22, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19189Aug 22, 2023risk 0.00cvss —epss 0.02
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19185Aug 22, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19190Aug 22, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19188Aug 22, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19186Aug 22, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2023-29491Apr 14, 2023risk 0.00cvss —epss 0.01
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Page 1 of 2