INFSA-2025:12876: ncurses security update
Information about definition
Identificator: INFSA-2025:12876
Type: security
Release date: 2025-08-13 13:39:04 UTC
Information about package
The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.
Vulnerabilities description
- CVE-2022-29458
GNU ncurses could allow a local attacker to bypass security restrictions, caused by an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain access.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2022-29458
|
no information | 6.1 | no information |
Updated packages