Shodan
Vulnerabilities
Vulnerable Software
Gnu:  >> Ncurses  >> 6.0  Security Vulnerabilities
CVE-2023-29491
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-04-14
CVE-2022-29458
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-04-18
CVE-2021-39537
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-09-20
CVE-2019-17594
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-14
CVE-2019-17595
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-10-14
CVE-2017-16879
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-11-22
CVE-2017-13728
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-08-29
CVE-2017-13729
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-08-29
CVE-2017-13730
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-08-29
CVE-2017-13731
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-08-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved