CVE-2023-45918

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-45918
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45918.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-45918
Related
Withdrawn
2024-10-28T20:49:55Z
Published
2024-02-16T22:15:07Z
Modified
2024-10-31T20:50:10.742932Z
Summary
[none]
Details

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue.

References

Affected packages

Debian:11 / ncurses

Package

Name
ncurses
Purl
pkg:deb/debian/ncurses?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.2+20201114-2
6.2+20201114-2+deb11u1
6.2+20201114-2+deb11u2
6.2+20201114-3
6.2+20201114-4
6.2+20210905-1
6.3-1
6.3-2
6.3+20220423-1
6.3+20220423-2
6.3+20221224-1
6.3+20221224-2
6.4-1
6.4-2
6.4-3
6.4-4
6.4+20230603-1
6.4+20230625-1
6.4+20230625-2
6.4+20231007-1
6.4+20231016-1
6.4+20231118-1
6.4+20231121-1
6.4+20231209-1
6.4+20240113-1
6.4+20240414-1
6.5-1
6.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ncurses

Package

Name
ncurses
Purl
pkg:deb/debian/ncurses?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4-4
6.4+20230603-1
6.4+20230625-1
6.4+20230625-2
6.4+20231007-1
6.4+20231016-1
6.4+20231118-1
6.4+20231121-1
6.4+20231209-1
6.4+20240113-1
6.4+20240414-1
6.5-1
6.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ncurses

Package

Name
ncurses
Purl
pkg:deb/debian/ncurses?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4+20230625-1

Affected versions

6.*

6.4-4
6.4+20230603-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}