Description
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
References (4)
Core 4
Core References
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44487
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/138550
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1142
Patch, Vendor Advisory vendor-advisory
x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt
Scores
EPSS
0.0008
EPSS Percentile
24.4%
Details
Status
published
Products (10)
freebsd/freebsd
3.4
freebsd/freebsd
3.5.1
freebsd/freebsd
4.0
freebsd/freebsd
4.1
freebsd/freebsd
4.1.1 (2 CPE variants)
gnu/ncurses
< 5.6
immunix/immunix
6.2
immunix/immunix
7.0_beta
redhat/linux
6.2 (3 CPE variants)
redhat/linux
7.0
Published
Dec 19, 2000
Tracked Since
Feb 18, 2026