Description
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
E
X
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
E
X
RL
O
RC
Changed
Affected products
- gnu / ncurses6.5-20250322 – 6.5-20250322
- gnu / ncurses6.5-20250329 – 6.5-20250329
References
- MISChttps://vuldb.com/?id.312610
- MISChttps://vuldb.com/?ctiid.312610
- MISChttps://vuldb.com/?submit.593000
- MAILING_LISThttps://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html
- MAILING_LISThttps://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html
- MAILING_LISThttps://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html
- MISChttps://invisible-island.net/ncurses/NEWS.html#index-t20250329
- MISChttps://www.gnu.org/