Every CVE whose affected-product data names Gnu Ncurses, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2017-10685 — CVSS 9.8 (critical): In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code…
CVE-2017-10684 — CVSS 9.8 (critical): In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code…
CVE-2021-39537 — CVSS 8.8 (high): An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
CVE-2023-29491 — CVSS 7.8 (high): ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via…
CVE-2017-16879 — CVSS 7.8 (high): Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of…
CVE-2017-11113 — CVSS 7.5 (high): In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote…
CVE-2017-13728 — CVSS 7.5 (high): There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote…
CVE-2017-11112 — CVSS 7.5 (high): In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a…
CVE-2000-0963 — CVSS 7.2 (high): Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or…
CVE-2002-0062 — CVSS 7.2 (high): Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges…
CVE-2022-29458 — CVSS 7.1 (high): ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the…
CVE-2017-13733 — CVSS 6.5 (medium): There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of…
CVE-2017-13734 — CVSS 6.5 (medium): There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service…
CVE-2018-19217 — CVSS 6.5 (medium): In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of…
CVE-2017-13730 — CVSS 6.5 (medium): There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial…
CVE-2017-13731 — CVSS 6.5 (medium): There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial…
CVE-2017-13732 — CVSS 6.5 (medium): There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of…
CVE-2020-19189 — CVSS 6.5 (medium): Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a…
CVE-2020-19190 — CVSS 6.5 (medium): Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service…
CVE-2017-13729 — CVSS 6.5 (medium): There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service…
CVE-2020-19185 — CVSS 6.5 (medium): Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a…
CVE-2020-19186 — CVSS 6.5 (medium): Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial…
CVE-2020-19187 — CVSS 6.5 (medium): Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of…
CVE-2020-19188 — CVSS 6.5 (medium): Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of…
CVE-2018-19211 — CVSS 5.5 (medium): In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service…
CVE-2019-17595 — CVSS 5.4 (medium): There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before…
CVE-2019-17594 — CVSS 5.3 (medium): There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before…