Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-6099-1.NASL
HistoryMay 23, 2023 - 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : ncurses vulnerabilities (USN-6099-1)

2023-05-2300:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
ubuntu
ncurses
vulnerabilities
heap-based buffer over-read
heap-based buffer overflow
out-of-bounds read
segmentation violation
memory corruption

0.008 Low

EPSS

Percentile

82.2%

JSON

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6099-1 advisory.

  • There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17594)

  • There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17595)

  • An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. (CVE-2021-39537)

  • ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. (CVE-2022-29458)

  • ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. (CVE-2023-29491)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6099-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(176244);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/16");

  script_cve_id(
    "CVE-2019-17594",
    "CVE-2019-17595",
    "CVE-2021-39537",
    "CVE-2022-29458",
    "CVE-2023-29491"
  );
  script_xref(name:"USN", value:"6099-1");

  script_name(english:"Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : ncurses vulnerabilities (USN-6099-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 / 23.04 host has packages installed that are
affected by multiple vulnerabilities as referenced in the USN-6099-1 advisory.

  - There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo
    library in ncurses before 6.1-20191012. (CVE-2019-17594)

  - There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo
    library in ncurses before 6.1-20191012. (CVE-2019-17595)

  - An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer
    overflow. (CVE-2021-39537)

  - ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings
    in tinfo/read_entry.c in the terminfo library. (CVE-2022-29458)

  - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-
    relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo
    or reached via the TERMINFO or TERM environment variable. (CVE-2023-29491)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6099-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-39537");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:23.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncurses-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncurses5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncurses5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncurses6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncursesw5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncursesw5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncursesw6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32tinfo-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32tinfo5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32tinfo6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64ncurses-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64ncurses5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64ncurses5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64ncurses6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64ncursesw6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64tinfo5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64tinfo6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncurses-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncurses5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncurses5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncurses6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncursesw5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncursesw5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncursesw6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtinfo-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtinfo5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtinfo6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32ncurses5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32ncurses5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32ncursesw5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32ncursesw5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32tinfo-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32tinfo5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ncurses-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ncurses-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ncurses-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ncurses-term");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release || '23.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04 / 23.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'lib32ncurses5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'lib32ncurses5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'lib32ncursesw5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'lib32ncursesw5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'lib32tinfo-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'lib32tinfo5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'lib64ncurses5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'lib64ncurses5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'lib64tinfo5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libncurses5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libncurses5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libncursesw5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libncursesw5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libtinfo-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libtinfo5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libx32ncurses5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libx32ncurses5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libx32ncursesw5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libx32ncursesw5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libx32tinfo-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'libx32tinfo5', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'ncurses-base', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'ncurses-bin', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'ncurses-examples', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '16.04', 'pkgname': 'ncurses-term', 'pkgver': '6.0+20160213-1ubuntu1+esm3'},
    {'osver': '18.04', 'pkgname': 'lib32ncurses5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'lib32ncurses5-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'lib32ncursesw5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'lib32ncursesw5-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'lib32tinfo-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'lib32tinfo5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'lib64ncurses5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'lib64ncurses5-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'lib64tinfo5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libncurses5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libncurses5-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libncursesw5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libncursesw5-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libtinfo-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libtinfo5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libx32ncurses5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libx32ncurses5-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libx32ncursesw5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libx32ncursesw5-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libx32tinfo-dev', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libx32tinfo5', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'ncurses-base', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'ncurses-bin', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'ncurses-examples', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '18.04', 'pkgname': 'ncurses-term', 'pkgver': '6.1-1ubuntu1.18.04.1'},
    {'osver': '20.04', 'pkgname': 'lib32ncurses-dev', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'lib32ncurses6', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'lib32ncursesw6', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'lib32tinfo6', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'lib64ncurses-dev', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'lib64ncurses6', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'lib64ncursesw6', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'lib64tinfo6', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libncurses-dev', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libncurses5', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libncurses5-dev', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libncurses6', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libncursesw5', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libncursesw5-dev', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libncursesw6', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libtinfo-dev', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libtinfo5', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'libtinfo6', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'ncurses-base', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'ncurses-bin', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'ncurses-examples', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '20.04', 'pkgname': 'ncurses-term', 'pkgver': '6.2-0ubuntu2.1'},
    {'osver': '22.04', 'pkgname': 'lib32ncurses-dev', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'lib32ncurses6', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'lib32ncursesw6', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'lib32tinfo6', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'lib64ncurses-dev', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'lib64ncurses6', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'lib64ncursesw6', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'lib64tinfo6', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libncurses-dev', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libncurses5', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libncurses5-dev', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libncurses6', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libncursesw5', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libncursesw5-dev', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libncursesw6', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libtinfo-dev', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libtinfo5', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libtinfo6', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'ncurses-base', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'ncurses-bin', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'ncurses-examples', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'ncurses-term', 'pkgver': '6.3-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'lib32ncurses-dev', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'lib32ncurses6', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'lib32ncursesw6', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'lib32tinfo6', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'lib64ncurses-dev', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'lib64ncurses6', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'lib64ncursesw6', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'lib64tinfo6', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libncurses-dev', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libncurses5', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libncurses5-dev', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libncurses6', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libncursesw5', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libncursesw5-dev', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libncursesw6', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libtinfo-dev', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libtinfo5', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'libtinfo6', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'ncurses-base', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'ncurses-bin', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'ncurses-examples', 'pkgver': '6.4-2ubuntu0.1'},
    {'osver': '23.04', 'pkgname': 'ncurses-term', 'pkgver': '6.4-2ubuntu0.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lib32ncurses-dev / lib32ncurses5 / lib32ncurses5-dev / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonicalubuntu_linux23.04cpe:/o:canonical:ubuntu_linux:23.04
canonicalubuntu_linuxlib32ncurses-devp-cpe:/a:canonical:ubuntu_linux:lib32ncurses-dev
canonicalubuntu_linuxlib32ncurses5p-cpe:/a:canonical:ubuntu_linux:lib32ncurses5
canonicalubuntu_linuxlib32ncurses5-devp-cpe:/a:canonical:ubuntu_linux:lib32ncurses5-dev
canonicalubuntu_linuxlib32ncurses6p-cpe:/a:canonical:ubuntu_linux:lib32ncurses6
canonicalubuntu_linuxlib32ncursesw5p-cpe:/a:canonical:ubuntu_linux:lib32ncursesw5
Rows per page:
1-10 of 421

Related

cloudfoundry 1
osv 11
ubuntu 2
openvas 47
nessus 64
gentoo 1
suse 6
redhat 3
rocky 1
mageia 2
almalinux 1
amazon 3
rosalinux 3
oraclelinux 3
ibm 1
debian 2
ubuntucve 5
alpinelinux 4
redhatcve 3
veracode 4
cve 5
nvd 4
debiancve 4
cbl_mariner 6
prion 4
cvelist 4
broadcom 1
photon 1
thn 1
redos 2
cloudfoundry
cloudfoundry
USN-6099-1: ncurses vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
osv
osv
ncurses vulnerabilities
2023-05-23 11:56:42
ncurses vulnerabilities
2022-06-14 11:17:52
Moderate: ncurses security update
2021-11-09 09:21:17
ubuntu
ubuntu
ncurses vulnerabilities
2023-05-23 00:00:00
ncurses vulnerabilities
2022-06-14 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6099-1)
2023-05-24 00:00:00
Ubuntu: Security Advisory (USN-5477-1)
2022-08-26 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2019-2544)
2020-01-23 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : ncurses vulnerabilities (USN-5477-1)
2022-06-14 00:00:00
RHEL 8 : ncurses (RHSA-2021:4426)
2021-11-11 00:00:00
openSUSE Security Update : ncurses (openSUSE-2019-2551)
2019-11-25 00:00:00
gentoo
gentoo
ncurses: Multiple vulnerabilities
2021-01-26 00:00:00
suse
suse
Security update for ncurses (moderate)
2019-11-23 00:00:00
Security update for ncurses (moderate)
2019-11-23 00:00:00
Security update for ncurses (moderate)
2021-10-31 00:00:00
redhat
redhat
(RHSA-2021:4426) Moderate: ncurses security update
2021-11-09 09:21:17
(RHSA-2023:6698) Moderate: ncurses security and bug fix update
2023-11-07 06:12:11
(RHSA-2023:5249) Moderate: ncurses security update
2023-09-19 12:37:09
rocky
rocky
ncurses security update
2021-11-09 09:21:17
mageia
mageia
Updated ncurses packages fix security vulnerabilities
2019-12-14 03:37:02
Updated ncurses packages fix security vulnerability
2024-03-16 01:51:55
almalinux
almalinux
Moderate: ncurses security update
2021-11-09 09:21:17
amazon
amazon
Medium: ncurses
2022-12-01 20:31:00
Important: ncurses
2023-06-21 19:11:00
Important: ncurses
2023-07-05 21:44:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2364
2024-03-05 08:27:01
Advisory ROSA-SA-2021-1927
2021-07-02 17:32:26
Advisory ROSA-SA-2023-2263
2023-10-22 05:30:45
oraclelinux
oraclelinux
ncurses security update
2021-11-16 00:00:00
ncurses security and bug fix update
2023-11-11 00:00:00
ncurses security update
2023-09-20 00:00:00
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to sensitive information exposure due to GNU ncurses (CVE-2019-17595, CVE-2019-17594)
2022-08-04 13:03:37
debian
debian
[SECURITY] [DLA 3682-1] ncurses security update
2023-12-03 18:46:35
[SECURITY] [DLA 3167-1] ncurses security update
2022-10-29 08:51:46
ubuntucve
ubuntucve
CVE-2019-17594
2019-10-14 00:00:00
CVE-2019-17595
2019-10-14 00:00:00
CVE-2021-39537
2021-09-20 00:00:00
alpinelinux
alpinelinux
CVE-2019-17594
2019-10-14 21:15:00
CVE-2021-39537
2021-09-20 16:15:12
CVE-2019-17595
2019-10-14 21:15:00
redhatcve
redhatcve
CVE-2019-17595
2019-10-29 16:34:51
CVE-2019-17594
2019-10-29 19:55:20
CVE-2021-39537
2021-09-22 19:10:18
veracode
veracode
Buffer Overflow
2021-11-13 00:40:53
Denial Of Service (DoS)
2021-12-09 17:11:49
Buffer Overflow
2021-11-13 00:40:51
cve
cve
CVE-2019-17595
2019-10-14 21:15:11
CVE-2021-39537
2021-09-20 16:15:12
CVE-2019-17594
2019-10-14 21:15:11
nvd
nvd
CVE-2021-39537
2021-09-20 16:15:12
CVE-2019-17595
2019-10-14 21:15:11
CVE-2019-17594
2019-10-14 21:15:11
debiancve
debiancve
CVE-2021-39537
2021-09-20 16:15:12
CVE-2019-17595
2019-10-14 21:15:11
CVE-2019-17594
2019-10-14 21:15:11
cbl_mariner
cbl_mariner
CVE-2021-39537 affecting package ncurses for versions less than 6.2-6
2022-04-26 19:57:37
CVE-2021-39537 affecting package ncurses 6.2-6
2021-11-06 00:29:52
CVE-2023-29491 affecting package ncurses 6.3-2
2023-05-25 17:55:45
prion
prion
Heap overflow
2021-09-20 16:15:00
Heap overflow
2019-10-14 21:15:00
Out-of-bounds
2022-04-18 21:15:00
cvelist
cvelist
CVE-2019-17594
2019-10-14 20:43:11
CVE-2021-39537
2021-09-20 00:00:00
CVE-2019-17595
2019-10-14 20:42:57
broadcom
broadcom
A vulnerability was found in ncurses and occurs when used by a setuid application. (CVE-2023-29491)
2023-11-07 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0192
2022-06-01 00:00:00
thn
thn
Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
2023-09-14 14:07:00
redos
redos
ROS-20240404-14
2024-04-04 00:00:00
ROS-20231013-02
2023-10-13 00:00:00

0.008 Low

EPSS

Percentile

82.2%

JSON
Related for UBUNTU_USN-6099-1.NASL
cloudfoundry1osv11ubuntu2openvas47nessus64gentoo1suse6redhat3rocky1mageia2almalinux1amazon3rosalinux3oraclelinux3ibm1debian2ubuntucve5alpinelinux4redhatcve3veracode4cve5nvd4debiancve4cbl_mariner6prion4cvelist4broadcom1photon1thn1redos2