CVE-2002-0062 — Classic Buffer Overflow in Ncurses

CWE-120 — Classic Buffer Overflow5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 58.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Ncurses Debian Linux Freebsd +2 more

Timeline

PublishedMar 8

Latest updateApr 30

Description

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDgnu/ncurses< 5.0

▶NVDredhat/linux4 versions+3

▶NVDsuse/suse_linux6.2, 6.3, 7.0+2

Also affects: Debian Linux 2.2, Freebsd 3.1, 3.2, 3.3, 3.4, 3.5, 3.5.1, 4.0, 4.1, 4.1.1, 5.0

Patches

Patch: www.debian.org ↗Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-33p7-vhh2-qpvp: Buffer overflow in ncurses 5↗2022-04-30

▶

CVEList

CVE-2002-0062: Buffer overflow in ncurses 5↗2003-04-02

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-02-18

▶

💬Community

Bugzilla

CVE-2002-0062 security flaw↗2018-08-16

▶