Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-UBUNTU1804-NCURSES-482343
- published 15 Oct 2019
- disclosed 14 Oct 2019
How to fix?
ncurses to version 6.1-1ubuntu1.18.04.1 or higher.
Note: Versions mentioned in the description apply only to the upstream
ncurses package and not the
ncurses package as distributed by
How to fix? for
Ubuntu:18.04 relevant fixed versions and status.
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.