Skip to main content

Red Hat EUVDEUVD-2025-18429

| CVE-2025-6141 MEDIUM
Buffer Overflow (CWE-119)
2025-06-16 cna@vuldb.com
4.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Ubuntu
LOW
qualitative
SUSE
1.7 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Red Hat
3.3 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
Jun 02, 2026 - 14:22 NVD
LOW MEDIUM
CVSS changed
Jun 02, 2026 - 14:22 NVD
3.3 (LOW) 4.8 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18429
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
CVE Published
Jun 16, 2025 - 22:16 nvd
LOW 3.3

DescriptionCVE.org

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

Analysis

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

Vendor StatusVendor

Ubuntu

Priority: Low
ncurses
Release Status Version
noble needs-triage -
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
upstream needs-triage -
oracular ignored end of life, was needs-triage
questing needs-triage -
plucky ignored end of life, was needs-triage

Debian

Bug #1107937
ncurses
Release Status Fixed Version Urgency
bullseye vulnerable 6.2+20201114-2+deb11u2 -
bookworm vulnerable 6.4-4 -
trixie vulnerable 6.5+20250216-2 -
forky, sid fixed 6.6+20251231-1 -
experimental fixed 6.5+20251115-1 -
(unstable) fixed 6.5+20251115-2 -

SUSE

Severity: Low
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed
SUSE Linux Enterprise Micro 5.4 Fixed
SUSE Linux Enterprise Micro 5.5 Fixed

Share

EUVD-2025-18429 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy