← back
CVE-2021-39537

CVE-2021-39537

EPSS 3.0%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 3.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markuphttp://seclists.org/fulldisclosure/2022/Oct/28http://seclists.org/fulldisclosure/2022/Oct/41http://seclists.org/fulldisclosure/2022/Oct/43http://seclists.org/fulldisclosure/2022/Oct/45https://lists.debian.org/debian-lts-announce/2023/12/msg00004.htmlhttps://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.htmlhttps://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.htmlhttps://security.netapp.com/advisory/ntap-20230427-0012/https://support.apple.com/kb/HT213443https://support.apple.com/kb/HT213444https://support.apple.com/kb/HT213488