Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ncurses
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 27 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-14 | CVE-2019-17594 | There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | Ncurses, Leap | 5.3 | ||
| 2019-10-14 | CVE-2019-17595 | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | Ncurses, Leap | 5.4 | ||
| 2017-06-29 | CVE-2017-10685 | In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | Ncurses | 9.8 | ||
| 2017-07-08 | CVE-2017-11113 | In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | Ncurses | 7.5 | ||
| 2018-11-12 | CVE-2018-19211 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. | Ncurses | 5.5 | ||
| 2017-08-29 | CVE-2017-13734 | There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. | Ncurses | 6.5 | ||
| 2017-07-08 | CVE-2017-11112 | In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | Ncurses | 7.5 |