Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe

Filtered by product Ncurses

Total 27 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-17594	2 Gnu, Opensuse	2 Ncurses, Leap	2021-02-10	4.6 MEDIUM	5.3 MEDIUM
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595	2 Gnu, Opensuse	2 Ncurses, Leap	2021-02-08	5.8 MEDIUM	5.4 MEDIUM
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2017-10685	1 Gnu	1 Ncurses	2019-10-03	7.5 HIGH	9.8 CRITICAL
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVE-2017-11113	1 Gnu	1 Ncurses	2019-05-06	5.0 MEDIUM	7.5 HIGH
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
CVE-2018-19211	1 Gnu	1 Ncurses	2019-04-23	4.3 MEDIUM	5.5 MEDIUM
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
CVE-2017-13734	1 Gnu	1 Ncurses	2018-10-21	4.3 MEDIUM	6.5 MEDIUM
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.
CVE-2017-11112	1 Gnu	1 Ncurses	2018-10-21	5.0 MEDIUM	7.5 HIGH
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.