Information on source package ncurses

Available versions

ReleaseVersion
jessie5.9+20140913-1+deb8u6
stretch6.0+20161126-1+deb9u5
buster6.1+20181013-2+deb10u5
bullseye6.2+20201114-2+deb11u2
bookworm6.4-4
trixie6.5-2
sid6.5-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-50495vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedNCurse v6.4-20230418 was discovered to contain a segmentation fault vi ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2021-39537vulnerablevulnerablefixedfixedfixedfixedfixedAn issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ...

Resolved issues

BugDescription
CVE-2023-29491ncurses before 6.4 20230408, when used by a setuid application, allows ...
CVE-2022-29458ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen ...
CVE-2020-19190Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:7 ...
CVE-2020-19189Buffer Overflow vulnerability in postprocess_terminfo function in tinf ...
CVE-2020-19188Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...
CVE-2020-19187Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...
CVE-2020-19186Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp ...
CVE-2020-19185Buffer Overflow vulnerability in one_one_mapping function in progs/dum ...
CVE-2019-17595There is a heap-based buffer over-read in the fmt_entry function in ti ...
CVE-2019-17594There is a heap-based buffer over-read in the _nc_find_entry function ...
CVE-2018-19217In ncurses, possibly a 6.x version, there is a NULL pointer dereferenc ...
CVE-2018-19211In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...
CVE-2017-16879Stack-based buffer overflow in the _nc_write_entry function in tinfo/w ...
CVE-2017-13734There is an illegal address access in the _nc_safe_strcat function in ...
CVE-2017-13733There is an illegal address access in the fmt_entry function in progs/ ...
CVE-2017-13732There is an illegal address access in the function dump_uses() in prog ...
CVE-2017-13731There is an illegal address access in the function postprocess_termcap ...
CVE-2017-13730There is an illegal address access in the function _nc_read_entry_sour ...
CVE-2017-13729There is an illegal address access in the _nc_save_str function in all ...
CVE-2017-13728There is an infinite loop in the next_char function in comp_scan.c in ...
CVE-2017-11113In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_e ...
CVE-2017-11112In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the ...
CVE-2017-10685In ncurses 6.0, there is a format string vulnerability in the fmt_entr ...
CVE-2017-10684In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entr ...

Security announcements

DSA / DLADescription
ELA-1022-1ncurses - security update
DLA-3682-1ncurses - security update
DLA-3586-1ncurses - security update
ELA-967-1ncurses - security update
DLA-3167-1ncurses - security update
ELA-643-1ncurses - security update

Search for package or bug name: Reporting problems