PT-2020-6935 · Ncurses+6 · Ncurses+6

Bruno Vernay

Published

2020-08-04

Updated

2026-01-21

CVE-2021-39537

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ncurses versions through v6.2-1

Description An issue was discovered in the ncurses library, specifically in the nc captoinfo function of the captoinfo.c component, which is related to a heap-based buffer overflow. This issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For ncurses versions through v6.2-1, as a temporary workaround, consider disabling the nc captoinfo function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-3296

AZL-6740

BDU:2023-07626

CVE-2021-39537

DLA-3682-1

OESA-2021-1386

OPENSUSE-SU-2021:1417-1

OPENSUSE-SU-2021:3490-1

OPENSUSE-SU-2021_1417-1

OPENSUSE-SU-2021_3490-1

SUSE-SU-2021:3490-1

SUSE-SU-2021:3491-1

SUSE-SU-2021_3490-1

SUSE-SU-2021_3491-1

USN-5477-1

USN-6099-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Apple Macos

Suse

Ubuntu

Ncurses

PT-2020-6935 · Ncurses+6 · Ncurses+6

CVE-2021-39537

Weakness Enumeration

Related Identifiers

Affected Products

References · 68