RSS   Vulnerabilities for 'Ncurses'   RSS

2018-11-12
 
CVE-2018-19217

CWE-476
 

 
** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.

 
 
CVE-2018-19211

CWE-476
 

 
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.

 
2018-05-04
 
CVE-2018-10754

CWE-476
 

 
In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. The product proceeds to the dereference code path even after a "dubious character `[' in name or alias field" detection.

 
2017-08-29
 
CVE-2017-13734

CWE-119
 

 
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.

 
 
CVE-2017-13733

CWE-119
 

 
There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

 
 
CVE-2017-13732

CWE-119
 

 
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

 
 
CVE-2017-13731

CWE-119
 

 
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.

 
 
CVE-2017-13730

CWE-119
 

 
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.

 
 
CVE-2017-13729

CWE-119
 

 
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.

 
 
CVE-2017-13728

CWE-835
 

 
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

 


Copyright 2024, cxsecurity.com

 

Back to Top