** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

(AV:L/AC:L/Au:N/C:N/I:N/A:P)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://bugzilla.redhat.com/show_bug.cgi?id=1566575 Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1566575 Exploit, Issue Tracking, Third Party Advisory

In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax.

In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. The product proceeds to the dereference code path even after a "dubious character `[' in name or alias field" detection.

OR
     *cpe:2.3:a:gnu:ncurses:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.20180414

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1566575 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=1566575 Issue Tracking

https://drive.google.com/drive/u/2/folders/1klyBjovfKXhLqBhbWX1n9dwqD-qne5f2 No Types Assigned

https://drive.google.com/drive/u/2/folders/1klyBjovfKXhLqBhbWX1n9dwqD-qne5f2 Exploit, Third Party Advisory

https://invisible-island.net/ncurses/NEWS.html#t20180414 No Types Assigned

https://invisible-island.net/ncurses/NEWS.html#t20180414 Release Notes, Third Party Advisory