Skip to main content

Ncurses

21 CVEs product

Monthly

CVE-2023-29491 HIGH POC PATCH This Week

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Ncurses
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-29458 HIGH POC This Week

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ncurses macOS Debian Linux
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2021-39537 HIGH POC PATCH This Week

An issue was discovered in ncurses through v6.2-1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Ncurses Mac Os X macOS
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-17595 MEDIUM POC PATCH This Month

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ncurses Leap
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2019-17594 MEDIUM POC PATCH This Month

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ncurses Leap
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2019-15548 Cargo CRITICAL Act Now

An issue was discovered in the ncurses crate through 5.99.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ncurses
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15547 Cargo HIGH This Week

An issue was discovered in the ncurses crate through 5.99.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ncurses
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-19217 MEDIUM POC This Month

In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-19211 MEDIUM POC This Month

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2017-16879 HIGH This Week

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Ncurses
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2017-13734 MEDIUM POC This Month

There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-13733 MEDIUM POC This Month

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13732 MEDIUM POC This Month

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13731 MEDIUM POC This Month

There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13730 MEDIUM POC This Month

There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13729 MEDIUM POC This Month

There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-13728 HIGH POC This Week

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ncurses
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-11113 HIGH POC This Week

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-11112 HIGH This Week

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ncurses
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-10685 CRITICAL Act Now

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ncurses
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-10684 CRITICAL Act Now

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Ncurses
NVD
CVSS 3.0
9.8
EPSS
2.2%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Ncurses
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ncurses +2
NVD
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

An issue was discovered in ncurses through v6.2-1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Ncurses +2
NVD
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ncurses +1
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ncurses +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in the ncurses crate through 5.99.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ncurses
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in the ncurses crate through 5.99.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ncurses
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ncurses
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ncurses
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ncurses
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ncurses
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Ncurses
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy