{"id":"USN-5477-1","summary":"ncurses vulnerabilities","details":"Hosein Askari discovered that ncurses was incorrectly performing\nmemory management operations when dealing with long filenames while\nwriting structures into the file system. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2017-16879)\n\nChung-Yi Lin discovered that ncurses was incorrectly handling access\nto invalid memory areas when parsing terminfo or termcap entries where\nthe use-name had invalid syntax. An attacker could possibly use this\nissue to cause a denial of service. (CVE-2018-19211)\n\nIt was discovered that ncurses was incorrectly performing bounds\nchecks when processing invalid hashcodes. An attacker could possibly\nuse this issue to cause a denial of service or to expose sensitive\ninformation. (CVE-2019-17594)\n\nIt was discovered that ncurses was incorrectly handling\nend-of-string characters when processing terminfo and termcap files.\nAn attacker could possibly use this issue to cause a denial of\nservice or to expose sensitive information. (CVE-2019-17595)\n\nIt was discovered that ncurses was incorrectly handling\nend-of-string characters when converting between termcap and\nterminfo formats. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2021-39537)\n\nIt was discovered that ncurses was incorrectly performing bounds\nchecks when dealing with corrupt terminfo data while reading a\nterminfo file. An attacker could possibly use this issue to cause a\ndenial of service or to expose sensitive information.\n(CVE-2022-29458)\n","modified":"2026-02-10T04:42:40Z","published":"2022-06-14T11:17:52Z","related":["UBUNTU-CVE-2017-16879","UBUNTU-CVE-2018-19211","UBUNTU-CVE-2019-17594","UBUNTU-CVE-2019-17595","UBUNTU-CVE-2021-39537","UBUNTU-CVE-2022-29458"],"upstream":["CVE-2017-16879","CVE-2018-19211","CVE-2019-17594","CVE-2019-17595","CVE-2021-39537","CVE-2022-29458","UBUNTU-CVE-2017-16879","UBUNTU-CVE-2018-19211","UBUNTU-CVE-2019-17594","UBUNTU-CVE-2019-17595","UBUNTU-CVE-2021-39537","UBUNTU-CVE-2022-29458"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5477-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-16879"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19211"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-17594"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-17595"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-39537"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29458"}],"affected":[{"package":{"name":"ncurses","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/ncurses@5.9+20140118-1ubuntu1+esm2?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.9+20140118-1ubuntu1+esm2"}]}],"versions":["5.9+20130608-1ubuntu1","5.9+20131221-1ubuntu1","5.9+20140118-1ubuntu1","5.9+20140118-1ubuntu1+esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"lib32ncurses5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"lib32ncurses5-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"lib32ncursesw5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"lib32ncursesw5-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"lib32tinfo-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"lib32tinfo5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"lib64ncurses5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"lib64ncurses5-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"lib64tinfo5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libncurses5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libncurses5-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libncursesw5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libncursesw5-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libtinfo-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libtinfo5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libx32ncurses5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libx32ncurses5-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libx32ncursesw5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libx32ncursesw5-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libx32tinfo-dev"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"libx32tinfo5"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"ncurses-base"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"ncurses-bin"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"ncurses-examples"},{"binary_version":"5.9+20140118-1ubuntu1+esm2","binary_name":"ncurses-term"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5477-1.json","cves_map":{"cves":[{"id":"CVE-2017-16879","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2018-19211","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-17594","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-17595","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2021-39537","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2022-29458","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"ncurses","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/ncurses@6.0+20160213-1ubuntu1+esm2?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0+20160213-1ubuntu1+esm2"}]}],"versions":["5.9+20150516-2ubuntu1","6.0+20151024-2ubuntu1","6.0+20151024-2ubuntu2","6.0+20160213-1ubuntu1","6.0+20160213-1ubuntu1+esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"lib32ncurses5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"lib32ncurses5-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"lib32ncursesw5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"lib32ncursesw5-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"lib32tinfo-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"lib32tinfo5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"lib64ncurses5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"lib64ncurses5-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"lib64tinfo5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libncurses5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libncurses5-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libncursesw5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libncursesw5-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libtinfo-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libtinfo5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libx32ncurses5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libx32ncurses5-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libx32ncursesw5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libx32ncursesw5-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libx32tinfo-dev"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"libx32tinfo5"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"ncurses-base"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"ncurses-bin"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"ncurses-examples"},{"binary_version":"6.0+20160213-1ubuntu1+esm2","binary_name":"ncurses-term"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5477-1.json","cves_map":{"cves":[{"id":"CVE-2017-16879","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2018-19211","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-17594","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-17595","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2021-39537","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2022-29458","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}}],"schema_version":"1.7.3"}