GNU ncurses 6.1

CPE Details

GNU ncurses 6.1
gnu
ncurses
6.1
2018-10-30
12h32 +00:00
2018-10-30
12h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:ncurses:6.1:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

ncurses

Version

6.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-19185 2023-08-21 22h00 +00:00 Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
6.5
Medium
CVE-2020-19186 2023-08-21 22h00 +00:00 Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
6.5
Medium
CVE-2020-19187 2023-08-21 22h00 +00:00 Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
6.5
Medium
CVE-2020-19188 2023-08-21 22h00 +00:00 Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
6.5
Medium
CVE-2020-19189 2023-08-21 22h00 +00:00 Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
6.5
Medium
CVE-2020-19190 2023-08-21 22h00 +00:00 Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
6.5
Medium
CVE-2023-29491 2023-04-13 22h00 +00:00 ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
7.8
High
CVE-2022-29458 2022-04-17 22h00 +00:00 ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
7.1
High
CVE-2021-39537 2021-09-19 22h00 +00:00 An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
8.8
High
CVE-2019-17594 2019-10-14 18h43 +00:00 There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
5.3
Medium
CVE-2019-17595 2019-10-14 18h42 +00:00 There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
5.4
Medium
CVE-2018-19211 2018-11-12 18h00 +00:00 In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
5.5
Medium
CVE-2018-19217 2018-11-12 18h00 +00:00 In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party
6.5
Medium