4.8

CVE-2025-6141

GNU ncurses parse_entry.c postprocess_termcap stack-based overflow

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
Produkt RUGGEDCOM RST2428P
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt RUGGEDCOM RST2428P
Default Statusunknown
Version 0
Version < V4.0
Status affected
HerstellerSiemens
Produkt SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XCH328
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XCM324
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XCM328
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XCM332
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRH334 (24 V DC, 8xFO, CC)
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRM334 (230 V AC, 12xFO)
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRM334 (230 V AC, 8xFO)
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRM334 (24 V DC, 12xFO)
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRM334 (24 V DC, 8xFO)
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRM334 (2x230 V AC, 12xFO)
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRM334 (2x230 V AC, 8xFO)
Default Statusunknown
Version 0
Version < V3.3
Status affected
HerstellerSiemens
Produkt SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)
Default Statusunknown
Version 0
Version < V3.3
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.061
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 4.8 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com 1.7 3.1 2.9
AV:L/AC:L/Au:S/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.gnu.org/
https://vuldb.com/?id.312610
https://vuldb.com/?ctiid.312610
https://vuldb.com/?submit.593000
https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html
https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html
https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html
https://invisible-island.net/ncurses/NEWS.html#index-t20250329
https://cert-portal.siemens.com/productcert/html/ssa-089022.html
https://cert-portal.siemens.com/productcert/html/ssa-253495.html