Stack-Based Buffer Overflow in GNU ncurses Affects Local Functionality
CVE-2025-6141

4.8MEDIUM

Key Information:

Vendor: Gnu
Status: Ncurses
Vendor: CVE Published:; 16 June 2025

What is CVE-2025-6141?

A vulnerability in the GNU ncurses library affects the function postprocess_termcap located in tinfo/parse_entry.c. This issue can lead to a stack-based buffer overflow, which requires local access to exploit. Users running versions up to 6.5-20250322 should upgrade to 6.5-20250329 to mitigate this vulnerability. It is essential for users to update their installations to maintain security and prevent potential exploitation.

Affected Version(s)

ncurses 6.5-20250322

ncurses 6.5-20250329

References

https://vuldb.com/?id.312610

vdb-entrytechnical-description

https://vuldb.com/?ctiid.312610

signaturepermissions-required

https://vuldb.com/?submit.593000

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2025
Vulnerability Reserved
Jun 15, 2025

Credit

JJLeo (VulDB User)

Gnu

What is CVE-2025-6141?

Affected Version(s)

References

CVSS V4

Timeline

Credit