Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-ORACLE8-NCURSESLIBS-5912096
- published 21 Sep 2023
- disclosed 14 Apr 2023
How to fix?
ncurses-libs to version 0:6.1-9.20180224.el8_8.1 or higher.
This issue was patched in
Note: Versions mentioned in the description apply only to the upstream
ncurses-libs package and not the
ncurses-libs package as distributed by
How to fix? for
Oracle:8 relevant fixed versions and status.
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.