src icon indicating copy to clipboard operation
src copied to clipboard

Published 20 hours ago verified publisher icon MidnightBSD

CVE-2025-6141 (Low) detected in ncursesncurses-6.5

Open mend-bolt-for-github[bot] opened this issue 4 months ago • 0 comments

CVE-2025-6141 - Low Severity Vulnerability

Vulnerable Library - ncursesncurses-6.5

Gnu Distributions

Library home page: https://ftp.gnu.org/gnu/ncurses?wsslib=ncurses

Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb

Found in base branches: stable/3.2, master

Vulnerable Source Files (2)

/contrib/ncurses/ncurses/tinfo/parse_entry.c /contrib/ncurses/ncurses/tinfo/parse_entry.c

Vulnerability Details

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

Publish Date: 2025-06-16

URL: CVE-2025-6141

CVSS 3 Score Details (3.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low
For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Jul 03 '25 20:07 mend-bolt-for-github[bot]