CVE-2025-6141

EPSS 0.02%
Published 16.06.2025 22:00:17
Last modified 17.06.2025 20:50:23
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

Affected products Warnungen 0 Metrics 4 CWE 2 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorGNU

≫

Product ncurses

Version 6.5-20250322

Status affected

Version 6.5-20250329

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.gnu.org/

https://vuldb.com/?id.312610

https://vuldb.com/?ctiid.312610

https://vuldb.com/?submit.593000

https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html

https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html

https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html

https://invisible-island.net/ncurses/NEWS.html#index-t20250329

https://nvd.nist.gov/vuln/detail/CVE-2025-6141

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6141

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6141

EUVD