4.8
CVE-2025-6141
- EPSS 0.17%
- Veröffentlicht 16.06.2025 22:00:17
- Zuletzt bearbeitet 02.06.2026 14:16:38
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
GNU ncurses parse_entry.c postprocess_termcap stack-based overflow
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
≫
Produkt
RUGGEDCOM RST2428P
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM RST2428P
Default Statusunknown
Version
0
Version <
V4.0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XCH328
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XCM324
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XCM328
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XCM332
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRH334 (24 V DC, 8xFO, CC)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRM334 (230 V AC, 12xFO)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRM334 (230 V AC, 8xFO)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRM334 (24 V DC, 12xFO)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRM334 (24 V DC, 8xFO)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRM334 (2x230 V AC, 12xFO)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRM334 (2x230 V AC, 8xFO)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)
Default Statusunknown
Version
0
Version <
V3.3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.061 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 4.8 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| cna@vuldb.com | 1.7 | 3.1 | 2.9 |
AV:L/AC:L/Au:S/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
https://www.gnu.org/
https://vuldb.com/?id.312610
https://vuldb.com/?ctiid.312610
https://vuldb.com/?submit.593000
https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html
https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html
https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html
https://invisible-island.net/ncurses/NEWS.html#index-t20250329
https://cert-portal.siemens.com/productcert/html/ssa-089022.html
https://cert-portal.siemens.com/productcert/html/ssa-253495.html