Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-DEBIAN11-NCURSES-5421197
- published 13 Apr 2023
- disclosed 14 Apr 2023
How to fix?
ncurses to version 6.2+20201114-2+deb11u2 or higher.
Note: Versions mentioned in the description apply only to the upstream
ncurses package and not the
ncurses package as distributed by
How to fix? for
Debian:11 relevant fixed versions and status.
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.