PT-2024-5885 · Ncurses+2

Published: 2024-02-02 · Updated: 2024-10-31 · CVE-2023-45918

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

ncurses version 6.4-20230610

Description

The issue is a NULL pointer dereference in the tgetstr function in tinfo/lib_termcap.c of the ncurses library, which is used for terminal input-output management. This could potentially allow an attacker to cause a denial of service. However, multiple third parties have disputed this as a security issue, indicating that the upstream does not regard it as such.

Recommendations

For ncurses version 6.4-20230610, consider disabling the tgetstr function in tinfo/lib_termcap.c as a temporary workaround until further guidance is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

BDU:2024-06678
CVE-2023-45918
OESA-2024-1125
OPENSUSE-SU-2024_1133-1
SUSE-SU-2024:1132-1
SUSE-SU-2024:1133-1
SUSE-SU-2024:1133-2
SUSE-SU-2024_1132-1
SUSE-SU-2024_1133-1

Affected Products

RED OS
SUSE
Ncurses