Vulnerabilities > GNU > Ncurses > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-14 | CVE-2023-29491 | Out-of-bounds Write vulnerability in GNU Ncurses ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | 7.8 |
| 2022-04-18 | CVE-2022-29458 | Out-of-bounds Read vulnerability in multiple products ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | 7.1 |
| 2021-09-20 | CVE-2021-39537 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in ncurses through v6.2-1. | 8.8 |
| 2017-11-22 | CVE-2017-16879 | Out-of-bounds Write vulnerability in GNU Ncurses 6.0 Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. | 7.8 |
| 2017-08-29 | CVE-2017-13728 | Infinite Loop vulnerability in GNU Ncurses 6.0 There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. | 7.5 |
| 2017-07-08 | CVE-2017-11113 | NULL Pointer Dereference vulnerability in GNU Ncurses 6.0 In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. | 7.5 |
| 2017-07-08 | CVE-2017-11112 | Improper Input Validation vulnerability in GNU Ncurses 6.0 In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. | 7.5 |