Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-45918

Published: 16 February 2024

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

Notes

AuthorNote
Priority reason:
no security impact as terminfo files are trusted
mdeslaur 
This is in the code that parses terminfo database files.
terminfo files are normally trusted, and since the fix for
CVE-2023-29491, we no longer parse terminfo files when apps are
setuid. As such, this doesn't really have a security impact.
Setting priority to low.
fixed in 20230615

Priority

Low

Status

Package Release Status
ncurses
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needed

jammy Needed

mantic Not vulnerable
(6.4+20230625-2)
trusty Needs triage

upstream Needs triage

xenial Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading