This page lists publicly disclosed CVE vulnerabilities affecting gnu ncurses (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-19190 | Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | [email protected] | 6.5 | 1.40% | 2023-08-22 | 2024-11-21 |
| CVE-2020-19189 | Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | [email protected] | 6.5 | 1.95% | 2023-08-22 | 2024-11-21 |
| CVE-2020-19188 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | [email protected] | 6.5 | 1.40% | 2023-08-22 | 2024-11-21 |
| CVE-2020-19187 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | [email protected] | 6.5 | 1.40% | 2023-08-22 | 2024-11-21 |
| CVE-2020-19186 | Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | [email protected] | 6.5 | 1.47% | 2023-08-22 | 2024-11-21 |
| CVE-2020-19185 | Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | [email protected] | 6.5 | 1.40% | 2023-08-22 | 2024-11-21 |
| CVE-2023-29491 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | [email protected] | 7.8 | 0.92% | 2023-04-14 | 2025-11-04 |
| CVE-2022-29458 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | [email protected] | 7.1 | 1.30% | 2022-04-18 | 2025-06-09 |
| CVE-2021-39537 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. | [email protected] | 8.8 | 3.00% | 2021-09-20 | 2024-11-21 |
| CVE-2019-17595 | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | [email protected] | 5.4 | 2.05% | 2019-10-14 | 2024-11-21 |
| CVE-2019-17594 | There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. | [email protected] | 5.3 | 0.55% | 2019-10-14 | 2024-11-21 |
| CVE-2018-19217 | In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party | [email protected] | 6.5 | 1.15% | 2018-11-12 | 2024-11-21 |
| CVE-2018-19211 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. | [email protected] | 5.5 | 0.86% | 2018-11-12 | 2024-11-21 |
| CVE-2017-16879 | Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. | [email protected] | 7.8 | 2.38% | 2017-11-22 | 2026-05-13 |
| CVE-2017-13734 | There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. | [email protected] | 6.5 | 2.13% | 2017-08-29 | 2026-05-13 |
| CVE-2017-13733 | There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | [email protected] | 6.5 | 2.73% | 2017-08-29 | 2026-05-13 |
| CVE-2017-13732 | There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | [email protected] | 6.5 | 2.91% | 2017-08-29 | 2026-05-13 |
| CVE-2017-13731 | There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. | [email protected] | 6.5 | 2.91% | 2017-08-29 | 2026-05-13 |
| CVE-2017-13730 | There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. | [email protected] | 6.5 | 2.91% | 2017-08-29 | 2026-05-13 |
| CVE-2017-13729 | There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | [email protected] | 6.5 | 2.91% | 2017-08-29 | 2026-05-13 |