CVE-2025-6141

EPSS 0.02%
Veröffentlicht 16.06.2025 22:00:17
Zuletzt bearbeitet 17.06.2025 20:50:23
Quelle cna@vuldb.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerGNU

≫

Produkt ncurses

Version 6.5-20250322

Status affected

Version 6.5-20250329

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.gnu.org/

https://vuldb.com/?id.312610

https://vuldb.com/?ctiid.312610

https://vuldb.com/?submit.593000

https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html

https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html

https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html

https://invisible-island.net/ncurses/NEWS.html#index-t20250329

https://nvd.nist.gov/vuln/detail/CVE-2025-6141

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6141

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6141

EUVD