Bug 2254244 (CVE-2023-50495) - CVE-2023-50495 ncurses: segmentation fault via _nc_wrap_entry()
Summary: CVE-2023-50495 ncurses: segmentation fault via _nc_wrap_entry()
Status: NEW
Alias: CVE-2023-50495
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2254245
Blocks: 2254238
TreeView+ depends on / blocked
Reported: 2023-12-12 20:21 UTC by Patrick Del Bello
Modified: 2024-03-13 08:21 UTC (History)
14 users (show)

Fixed In Version: ncurses-6.4
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Patrick Del Bello 2023-12-12 20:21:37 UTC
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().


Comment 1 Patrick Del Bello 2023-12-12 20:21:59 UTC
Created ncurses tracking bugs for this issue:

Affects: fedora-all [bug 2254245]

Comment 3 Joe Orton 2023-12-13 13:00:22 UTC
This looks like it can only be triggered via "tic", which is used to process terminfo from source to compiled form, and the input is trusted. The practical impact is very limited - it is similar to gcc crashing - why has this been assigned a CVE name at all?

Note You need to log in before you can comment on or make changes to this bug.