GNU ncurses vulnerabilities
29 known vulnerabilities affecting gnu/ncurses.
Total CVEs: 29
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 17
Vulnerabilities
Page 1 of 2
CVE-2025-69720 | HIGH | CVSS 7.8 | CWE-121 | fixed in 6.5-20251213 | 2026-03-19
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
cvelistv5, nvd
CVE-2025-6141 | MEDIUM | CVSS 4.8 | CWE-119 | v6.5-20250322 | 2025-06-16
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. I
cvelistv5, nvd
CVE-2020-19185 | MEDIUM | CVSS 6.5 | CWE-787 | v6.1 | 2023-08-22
Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
nvd
CVE-2020-19186 | MEDIUM | CVSS 6.5 | CWE-787 | v6.1 | 2023-08-22
Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
nvd
CVE-2020-19190 | MEDIUM | CVSS 6.5 | CWE-787 | v6.1 | 2023-08-22
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
nvd
CVE-2020-19187 | MEDIUM | CVSS 6.5 | CWE-787 | v6.1 | 2023-08-22
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
nvd
CVE-2020-19189 | MEDIUM | CVSS 6.5 | CWE-787 | v6.1 | 2023-08-22
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
nvd
CVE-2020-19188 | MEDIUM | CVSS 6.5 | CWE-787 | v6.1 | 2023-08-22
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
nvd
CVE-2023-29491 | HIGH | CVSS 7.8 | CWE-787 | fixed in 6.4 | 2023-04-14
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
nvd
CVE-2022-29458 | HIGH | CVSS 7.1 | CWE-125 | fixed in 6.3 | v6.3 | 2022-04-18
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
nvd
CVE-2021-39537 | HIGH | CVSS 8.8 | CWE-787 | ≤ 6.2.1 | 2021-09-20
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
nvd
CVE-2019-17595 | MEDIUM | CVSS 5.4 | CWE-125 | fixed in 6.2 | 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
nvd
CVE-2019-17594 | MEDIUM | CVSS 5.3 | CWE-125 | fixed in 6.2 | 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
nvd
CVE-2018-19217 | MEDIUM | CVSS 6.5 | CWE-476 | v6.1 | 2018-11-12
In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party
nvd
CVE-2018-19211 | MEDIUM | CVSS 5.5 | CWE-476 | v6.1 | 2018-11-12
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
nvd
CVE-2017-16879 | HIGH | CVSS 7.8 | CWE-787 | v6.0 | 2017-11-22
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
nvd
CVE-2017-13728 | HIGH | CVSS 7.5 | CWE-835 | v6.0 | 2017-08-29
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
nvd
CVE-2017-13730 | MEDIUM | CVSS 6.5 | CWE-119 | v6.0 | 2017-08-29
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
nvd
CVE-2017-13734 | MEDIUM | CVSS 6.5 | CWE-119 | v6.0 | 2017-08-29
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.
nvd
CVE-2017-13732 | MEDIUM | CVSS 6.5 | CWE-119 | v6.0 | 2017-08-29
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
nvd