CVE-2021-39537

8.8HIGH

Key Information:

Vendor
Gnu
Status
Ncurses
Vendor
CVE Published:
20 September 2021

Summary

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

References

https://lists.gnu.org/archive/html/bug-ncurses/2020-08/ms...
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/ms...
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.