) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:gnu:ncurses:5.8:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-29491 |
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. Published: April 13, 2023; 9:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2022-29458 |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Published: April 18, 2022; 5:15:07 PM -0400 |
V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
| CVE-2021-39537 |
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. Published: September 20, 2021; 12:15:12 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2019-17595 |
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Published: October 14, 2019; 5:15:11 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2019-17594 |
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Published: October 14, 2019; 5:15:11 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 4.6 MEDIUM |