usn-6099-1
Vulnerability from osv_ubuntu
It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17594)
It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17595)
It was discovered that ncurses was incorrectly handling end-of-string characters when converting between termcap and terminfo formats. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537)
It was discovered that ncurses was incorrectly performing bounds checks when dealing with corrupt terminfo data while reading a terminfo file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-29458)
It was discovered that ncurses was parsing environment variables when running with setuid applications and not properly handling the processing of malformed data when doing so. A local attacker could possibly use this issue to cause a denial of service (application crash) or execute arbitrary code. (CVE-2023-29491)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-29491",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lib32ncurses5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "lib32ncursesw5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "lib32tinfo5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "lib64ncurses5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "lib64tinfo5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "libncurses5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "libncursesw5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "libtinfo5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "libx32ncurses5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "libx32ncursesw5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "libx32tinfo5",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "ncurses-base",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "ncurses-bin",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "ncurses-examples",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
},
{
"binary_name": "ncurses-term",
"binary_version": "5.9+20140118-1ubuntu1+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "ncurses",
"purl": "pkg:deb/ubuntu/ncurses@5.9+20140118-1ubuntu1+esm3?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.9+20140118-1ubuntu1+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.9+20130608-1ubuntu1",
"5.9+20131221-1ubuntu1",
"5.9+20140118-1ubuntu1",
"5.9+20140118-1ubuntu1+esm1",
"5.9+20140118-1ubuntu1+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-29491",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "lib32ncurses5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "lib32ncursesw5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "lib32tinfo5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "lib64ncurses5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "lib64tinfo5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "libncurses5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "libncursesw5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "libtinfo5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "libx32ncurses5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "libx32ncursesw5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "libx32tinfo5",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "ncurses-base",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "ncurses-bin",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "ncurses-examples",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
},
{
"binary_name": "ncurses-term",
"binary_version": "6.0+20160213-1ubuntu1+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ncurses",
"purl": "pkg:deb/ubuntu/ncurses@6.0+20160213-1ubuntu1+esm3?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0+20160213-1ubuntu1+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.9+20150516-2ubuntu1",
"6.0+20151024-2ubuntu1",
"6.0+20151024-2ubuntu2",
"6.0+20160213-1ubuntu1",
"6.0+20160213-1ubuntu1+esm1",
"6.0+20160213-1ubuntu1+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2019-17594",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-17595",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-39537",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-29458",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-29491",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lib32ncurses5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "lib32ncursesw5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "lib32tinfo5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "lib64ncurses5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "lib64tinfo5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "libncurses5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "libncursesw5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "libtinfo5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "libx32ncurses5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "libx32ncursesw5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "libx32tinfo5",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "ncurses-base",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "ncurses-bin",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "ncurses-examples",
"binary_version": "6.1-1ubuntu1.18.04.1"
},
{
"binary_name": "ncurses-term",
"binary_version": "6.1-1ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ncurses",
"purl": "pkg:deb/ubuntu/ncurses@6.1-1ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1-1ubuntu1.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.0+20160625-1ubuntu1",
"6.0+20171125-1ubuntu1",
"6.1-1ubuntu1",
"6.1-1ubuntu1.18.04"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-39537",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-29458",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-29491",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lib32ncurses6",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "lib32ncursesw6",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "lib32tinfo6",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "lib64ncurses6",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "lib64ncursesw6",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "lib64tinfo6",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "libncurses5",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "libncurses6",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "libncursesw5",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "libncursesw6",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "libtinfo5",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "libtinfo6",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "ncurses-base",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "ncurses-bin",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "ncurses-examples",
"binary_version": "6.2-0ubuntu2.1"
},
{
"binary_name": "ncurses-term",
"binary_version": "6.2-0ubuntu2.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ncurses",
"purl": "pkg:deb/ubuntu/ncurses@6.2-0ubuntu2.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2-0ubuntu2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.1+20190803-1ubuntu1",
"6.1+20191019-1ubuntu1",
"6.2-0ubuntu2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-29458",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-29491",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "lib32ncurses6",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "lib32ncursesw6",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "lib32tinfo6",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "lib64ncurses6",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "lib64ncursesw6",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "lib64tinfo6",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "libncurses5",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "libncurses6",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "libncursesw5",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "libncursesw6",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "libtinfo5",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "libtinfo6",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "ncurses-base",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "ncurses-bin",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "ncurses-examples",
"binary_version": "6.3-2ubuntu0.1"
},
{
"binary_name": "ncurses-term",
"binary_version": "6.3-2ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ncurses",
"purl": "pkg:deb/ubuntu/ncurses@6.3-2ubuntu0.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.3-2ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.2+20201114-2build1",
"6.2+20201114-2build2",
"6.3-1",
"6.3-2"
]
}
],
"aliases": [],
"details": "It was discovered that ncurses was incorrectly performing bounds\nchecks when processing invalid hashcodes. An attacker could possibly\nuse this issue to cause a denial of service or to expose sensitive\ninformation. This issue only affected Ubuntu 18.04 LTS.\n(CVE-2019-17594)\n\nIt was discovered that ncurses was incorrectly handling\nend-of-string characters when processing terminfo and termcap files.\nAn attacker could possibly use this issue to cause a denial of\nservice or to expose sensitive information. This issue only affected\nUbuntu 18.04 LTS. (CVE-2019-17595)\n\nIt was discovered that ncurses was incorrectly handling\nend-of-string characters when converting between termcap and\nterminfo formats. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537)\n\nIt was discovered that ncurses was incorrectly performing bounds\nchecks when dealing with corrupt terminfo data while reading a\nterminfo file. An attacker could possibly use this issue to cause a\ndenial of service or to expose sensitive information. This issue only\naffected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.\n(CVE-2022-29458)\n\nIt was discovered that ncurses was parsing environment variables when\nrunning with setuid applications and not properly handling the\nprocessing of malformed data when doing so. A local attacker could\npossibly use this issue to cause a denial of service (application\ncrash) or execute arbitrary code. (CVE-2023-29491)\n",
"id": "USN-6099-1",
"modified": "2026-06-29T10:53:02Z",
"published": "2023-05-23T11:56:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6099-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-17594"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-17595"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-39537"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-29458"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-29491"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "ncurses vulnerabilities",
"upstream": [
"UBUNTU-CVE-2019-17594",
"UBUNTU-CVE-2019-17595",
"UBUNTU-CVE-2021-39537",
"UBUNTU-CVE-2022-29458",
"UBUNTU-CVE-2023-29491"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.