CVE-2023-50495
Publication date 12 December 2023
Last updated 24 July 2024
Ubuntu priority
CVSS 3 Severity Score
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
Why is this CVE low priority?
no security impact as terminfo files are trusted
Status
Package | Ubuntu Release | Status |
---|---|---|
ncurses | 24.04 LTS noble | Not affected |
ncurses | 22.04 LTS jammy | Vulnerable |
ncurses | 20.04 LTS focal | Vulnerable |
ncurses | 18.04 LTS bionic | Fixed 6.1-1ubuntu1.18.04.1+esm2 |
ncurses | 16.04 LTS xenial | Fixed 6.0+20160213-1ubuntu1+esm5 |
ncurses | 14.04 LTS trusty | Fixed 5.9+20140118-1ubuntu1+esm5 |
Notes
mdeslaur
This is in the code that parses terminfo database files. terminfo files are normally trusted, and since the fix for CVE-2023-29491, we no longer parse terminfo files when apps are setuid. As such, this doesn't really have a security impact. Setting priority to low.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 · Medium |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6684-1: ncurses vulnerability (7 March 2024)