CVE-2025-69720
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Description
ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in progs/infocmp.c, function analyze_string().
Analysis
A buffer overflow vulnerability exists in ncurses versions 6.4 and 6.5 within the infocmp utility's analyze_string() function in progs/infocmp.c. This vulnerability allows an attacker to trigger a buffer overflow by providing maliciously crafted input to the infocmp program, potentially leading to denial of service or arbitrary code execution. A proof-of-concept exploit has been publicly released on GitHub, increasing the practical risk of exploitation.
Technical Context
ncurses is a widely used C library providing terminal control and text-based user interface capabilities across Unix-like systems. The infocmp utility is a command-line tool included with ncurses that compares and analyzes terminfo database entries. The vulnerability resides in the analyze_string() function within progs/infocmp.c, which processes terminal capability strings without proper bounds checking. This is a classic CWE-120 (Buffer Copy without Checking Size of Input) or CWE-121 (Stack-based Buffer Overflow) vulnerability, where input string processing fails to validate length constraints before writing to a fixed-size buffer. The advisory identifies the affected product only through a generic CPE reference; impact is confirmed on versions 6.4 and 6.5.
Affected Products
ncurses versions 6.4 and 6.5 are confirmed vulnerable. The vulnerability affects the infocmp utility component included in these ncurses distributions. While a generic CPE (cpe:2.3:a:n/a:n/a:*:*:*:*:*:*:*:*) appears in the advisory due to incomplete metadata, the specific affected software is the GNU ncurses project. Additional technical details and discussion are available in the ncurses bug mailing list archives referenced at https://marc.info/?l=ncurses-bug&m=176539968328570&w=2, https://marc.info/?l=ncurses-bug&m=176540731801330&w=2, and https://marc.info/?l=ncurses-bug&m=176545557728083&w=2, with a public proof-of-concept available at https://github.com/Cao-Wuhui/CVE-2025-69720.
Remediation
Upgrade ncurses to version 6.6 or later when available from your distribution. Users should check their vendor's ncurses package repository for patched versions addressing CVE-2025-69720. As an interim measure, limit access to the infocmp utility through file permissions or remove it entirely if not required for production operations. If infocmp must remain available, restrict its execution through AppArmor, SELinux, or similar mandatory access control mechanisms to prevent exploitation of the buffer overflow. Monitor system logs for unexpected infocmp invocations or crashes. Refer to your Linux distribution's security advisory (e.g., from Ubuntu, Debian, Red Hat) for specific patch availability and timelines.
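The checks described above (affected version, access to the binary, crash monitoring) can be scripted. The following is an added example, not code from the advisory or the ncurses project; the function names and the sample log lines are constructed for illustration, and the log patterns assume the Linux kernel segfault line and the systemd-coredump summary line.

```shell
#!/bin/sh
# Added triage sketch for CVE-2025-69720; not the advisory's or ncurses' code.

# Map a banner such as "ncurses 6.4.20221231" (as printed by `infocmp -V`)
# to a status. Only 6.4 and 6.5 are named as affected in the advisory.
classify_ncurses() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^ncurses \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    case "$ver" in
        6.4|6.5) echo affected ;;
        '')      echo unknown ;;
        *)       echo not-listed ;;
    esac
}

# Count crash records naming infocmp in log text on stdin. Covers the Linux
# kernel "comm[pid]: segfault at" line and the systemd-coredump summary line.
count_infocmp_crashes() {
    grep -Ec '(^|[^[:alnum:]_.-])infocmp\[[0-9]+\]: segfault at|Process [0-9]+ \(infocmp\) .*dumped core' || true
}

# Succeed if "other" users may execute the given path (the interim
# mitigation is to remove that bit or the binary itself).
world_executable() {
    [ -n "$(find "$1" -prune -perm -001 2>/dev/null)" ]
}

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG='Jan 10 09:14:02 host kernel: infocmp[4242]: segfault at 7ffd2c000000 ip 000055d0a1b2c3d4 sp 00007ffd2bfff000 error 6 in infocmp[55d0a1b20000+e000]
Jan 10 09:14:02 host systemd-coredump[4250]: Process 4242 (infocmp) of user 1000 dumped core.
Jan 10 09:15:10 host kernel: xinfocmp[77]: segfault at 0 ip 0000000000401000 sp 00007ffc00000000 error 4 in xinfocmp[400000+1000]
Jan 10 09:20:31 host sshd[900]: Accepted publickey for ops from 192.0.2.10 port 50022 ssh2'

# Live check when infocmp is installed; otherwise only the sample is scanned.
if bin=$(command -v infocmp 2>/dev/null); then
    echo "version: $(classify_ncurses "$("$bin" -V 2>/dev/null)")"
    if world_executable "$bin"; then echo "$bin is executable by all users"; fi
fi
echo "sample crash records: $(printf '%s\n' "$SAMPLE_LOG" | count_infocmp_crashes)"
```

A distribution package reporting 6.4 or 6.5 may already carry a backported fix, so treat "affected" as a prompt to check the vendor advisory rather than as a final verdict.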