Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5477-1
HistoryJun 14, 2022 - 12:00 a.m.

ncurses vulnerabilities

2022-06-1400:00:00
ubuntu.com
54
ubuntu
ncurses
vulnerability
memory management
denial of service
arbitrary code
terminfo
termcap
bounds checks
sensitive information

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON

Releases

  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • ncurses - shared libraries for terminal handling (32-bit)

Details

Hosein Askari discovered that ncurses was incorrectly performing
memory management operations when dealing with long filenames while
writing structures into the file system. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2017-16879)

Chung-Yi Lin discovered that ncurses was incorrectly handling access
to invalid memory areas when parsing terminfo or termcap entries where
the use-name had invalid syntax. An attacker could possibly use this
issue to cause a denial of service. (CVE-2018-19211)

It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. (CVE-2019-17594)

It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. (CVE-2019-17595)

It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2021-39537)

It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information.
(CVE-2022-29458)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlibtinfo5< 6.0+20160213-1ubuntu1+esm2UNKNOWN
Ubuntu16.04noarchlib32ncurses5< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncurses5-dbgsym< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncurses5-dev< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncurses5-dev-dbgsym< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncursesw5< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncursesw5-dbgsym< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncursesw5-dev< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32ncursesw5-dev-dbgsym< 6.0+20160213-1ubuntu1UNKNOWN
Ubuntu16.04noarchlib32tinfo-dev< 6.0+20160213-1ubuntu1UNKNOWN
Rows per page:
1-10 of 751

Related

openvas 48
nessus 63
osv 12
cloudfoundry 1
ubuntu 1
gentoo 1
suse 8
rocky 1
amazon 1
mageia 1
almalinux 1
rosalinux 3
ibm 1
oraclelinux 1
redhat 1
cve 6
debiancve 6
redhatcve 6
cvelist 6
prion 6
nvd 6
alpinelinux 4
ubuntucve 5
cbl_mariner 4
veracode 3
redos 1
debian 1
f5 1
openvas
openvas
Ubuntu: Security Advisory (USN-5477-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-6099-1)
2023-05-24 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2019-2544)
2020-01-23 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : ncurses vulnerabilities (USN-5477-1)
2022-06-14 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : ncurses vulnerabilities (USN-6099-1)
2023-05-23 00:00:00
openSUSE Security Update : ncurses (openSUSE-2019-2551)
2019-11-25 00:00:00
osv
osv
ncurses vulnerabilities
2022-06-14 11:17:52
ncurses vulnerabilities
2023-05-23 11:56:42
Moderate: ncurses security update
2021-11-09 09:21:17
cloudfoundry
cloudfoundry
USN-6099-1: ncurses vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
ubuntu
ubuntu
ncurses vulnerabilities
2023-05-23 00:00:00
gentoo
gentoo
ncurses: Multiple vulnerabilities
2021-01-26 00:00:00
suse
suse
Security update for ncurses (moderate)
2019-11-23 00:00:00
Security update for ncurses (moderate)
2019-11-23 00:00:00
Security update for ncurses (important)
2018-12-08 15:14:08
rocky
rocky
ncurses security update
2021-11-09 09:21:17
amazon
amazon
Medium: ncurses
2022-12-01 20:31:00
mageia
mageia
Updated ncurses packages fix security vulnerabilities
2019-12-14 03:37:02
almalinux
almalinux
Moderate: ncurses security update
2021-11-09 09:21:17
rosalinux
rosalinux
Advisory ROSA-SA-2024-2364
2024-03-05 08:27:01
Advisory ROSA-SA-2021-1927
2021-07-02 17:32:26
Advisory ROSA-SA-2024-2437
2024-06-27 10:49:44
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to sensitive information exposure due to GNU ncurses (CVE-2019-17595, CVE-2019-17594)
2022-08-04 13:03:37
oraclelinux
oraclelinux
ncurses security update
2021-11-16 00:00:00
redhat
redhat
(RHSA-2021:4426) Moderate: ncurses security update
2021-11-09 09:21:17
cve
cve
CVE-2018-19211
2018-11-12 19:29:00
CVE-2017-16879
2017-11-22 22:29:00
CVE-2021-39537
2021-09-20 16:15:12
debiancve
debiancve
CVE-2018-19211
2018-11-12 19:29:00
CVE-2017-16879
2017-11-22 22:29:00
CVE-2021-39537
2021-09-20 16:15:12
redhatcve
redhatcve
CVE-2018-19211
2018-11-22 13:19:14
CVE-2017-16879
2017-11-27 17:20:48
CVE-2021-39537
2021-09-22 19:10:18
cvelist
cvelist
CVE-2018-19211
2018-11-12 19:00:00
CVE-2017-16879
2017-11-22 22:00:00
CVE-2021-39537
2021-09-20 00:00:00
prion
prion
Null pointer dereference
2018-11-12 19:29:00
Stack overflow
2017-11-22 22:29:00
Heap overflow
2021-09-20 16:15:00
nvd
nvd
CVE-2018-19211
2018-11-12 19:29:00
CVE-2017-16879
2017-11-22 22:29:00
CVE-2021-39537
2021-09-20 16:15:12
alpinelinux
alpinelinux
CVE-2017-16879
2017-11-22 22:29:00
CVE-2019-17594
2019-10-14 21:15:00
CVE-2021-39537
2021-09-20 16:15:12
ubuntucve
ubuntucve
CVE-2017-16879
2017-11-22 00:00:00
CVE-2019-17594
2019-10-14 00:00:00
CVE-2021-39537
2021-09-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-39537 affecting package ncurses 6.2-6
2021-11-06 00:29:52
CVE-2021-39537 affecting package ncurses for versions less than 6.2-6
2022-04-26 19:57:37
CVE-2022-29458 affecting package ncurses 6.2-6
2022-07-14 20:59:55
veracode
veracode
Buffer Overflow
2021-11-13 00:40:53
Denial Of Service (DoS)
2021-12-09 17:11:49
Buffer Overflow
2021-11-13 00:40:51
redos
redos
ROS-20231013-02
2023-10-13 00:00:00
debian
debian
[SECURITY] [DLA 3167-1] ncurses security update
2022-10-29 08:51:46
f5
f5
K000138977 : ncurses vulnerability CVE-2022-29458
2024-03-21 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON
Related for USN-5477-1
openvas48nessus63osv12cloudfoundry1ubuntu1gentoo1suse8rocky1amazon1mageia1almalinux1rosalinux3ibm1oraclelinux1redhat1cve6debiancve6redhatcve6cvelist6prion6nvd6alpinelinux4ubuntucve5cbl_mariner4veracode3redos1debian1f51