INFSA-2023:6698: ncurses security update
Information about definition
Identificator: INFSA-2023:6698
Type: security
Release date: 2025-03-05 17:23:45 UTC
Information about package
The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.
Vulnerabilities description
- CVE-2023-29491
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-29491
|
no information | 7.8 | no information |
Updated packages