VYPR
Vendor

ncurses

Products
1
CVEs
28
Across products
28
Status
Private

Products

1

Recent CVEs

28
View all 28 CVEs →
  • CVE-2017-10685CriJun 29, 2017
    risk 0.64cvss 9.8epss 0.04

    In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

  • CVE-2017-10684CriJun 29, 2017
    risk 0.64cvss 9.8epss 0.05

    In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

  • CVE-2021-39537HigSep 20, 2021
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

  • CVE-2023-29491HigApr 14, 2023
    risk 0.51cvss 7.8epss 0.01

    ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

  • CVE-2017-16879HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

  • CVE-2017-13728HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.04

    There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-11113HigJul 8, 2017
    risk 0.49cvss 7.5epss 0.02

    In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

  • CVE-2017-11112HigJul 8, 2017
    risk 0.49cvss 7.5epss 0.02

    In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

  • CVE-2025-69720HigMar 19, 2026
    risk 0.47cvss 7.3epss 0.00

    The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

  • CVE-2022-29458HigApr 18, 2022
    risk 0.46cvss 7.1epss 0.01

    ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

  • CVE-2023-50495MedDec 12, 2023
    risk 0.42cvss 6.5epss 0.01

    NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

  • CVE-2020-19190MedAug 22, 2023
    risk 0.42cvss 6.5epss 0.01

    Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

  • CVE-2020-19189MedAug 22, 2023
    risk 0.42cvss 6.5epss 0.02

    Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

  • CVE-2020-19188MedAug 22, 2023
    risk 0.42cvss 6.5epss 0.01

    Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

  • CVE-2020-19187MedAug 22, 2023
    risk 0.42cvss 6.5epss 0.01

    Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

  • CVE-2020-19186MedAug 22, 2023
    risk 0.42cvss 6.5epss 0.01

    Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

  • CVE-2020-19185MedAug 22, 2023
    risk 0.42cvss 6.5epss 0.01

    Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

  • CVE-2018-19217MedNov 12, 2018
    risk 0.42cvss 6.5epss 0.01

    In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a…

  • CVE-2017-13734MedAug 29, 2017
    risk 0.42cvss 6.5epss 0.02

    There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.

  • CVE-2017-13733MedAug 29, 2017
    risk 0.42cvss 6.5epss 0.03

    There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.