{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6141", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-15T11:06:16.592Z", "datePublished": "2025-06-16T22:00:17.088Z", "dateUpdated": "2025-06-17T13:52:08.255Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T22:00:17.088Z"}, "title": "GNU ncurses parse_entry.c postprocess_termcap stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "GNU", "product": "ncurses", "versions": [{"version": "6.5-20250322", "status": "affected"}, {"version": "6.5-20250329", "status": "unaffected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In GNU ncurses bis 6.5-20250322 wurde eine problematische Schwachstelle gefunden. Es geht um die Funktion postprocess_termcap der Datei tinfo/parse_entry.c. Dank Manipulation mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Aktualisieren auf die Version 6.5-20250329 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2025-06-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-15T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-15T13:13:18.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "JJLeo (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.312610", "name": "VDB-312610 | GNU ncurses parse_entry.c postprocess_termcap stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312610", "name": "VDB-312610 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.593000", "name": "Submit #593000 | GNU ncurses ncurses-6.5-20250322 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html", "tags": ["related"]}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html", "tags": ["related"]}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html", "tags": ["patch"]}, {"url": "https://invisible-island.net/ncurses/NEWS.html#index-t20250329", "tags": ["related"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-17T13:51:52.620157Z", "id": "CVE-2025-6141", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T13:52:08.255Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6141", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-17T13:51:52.620157Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T13:52:03.927Z"}}], "cna": {"title": "GNU ncurses parse_entry.c postprocess_termcap stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "JJLeo (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"vendor": "GNU", "product": "ncurses", "versions": [{"status": "affected", "version": "6.5-20250322"}, {"status": "unaffected", "version": "6.5-20250329"}]}], "timeline": [{"lang": "en", "time": "2025-06-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-15T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-15T13:13:18.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.312610", "name": "VDB-312610 | GNU ncurses parse_entry.c postprocess_termcap stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312610", "name": "VDB-312610 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.593000", "name": "Submit #593000 | GNU ncurses ncurses-6.5-20250322 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html", "tags": ["related"]}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html", "tags": ["related"]}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html", "tags": ["patch"]}, {"url": "https://invisible-island.net/ncurses/NEWS.html#index-t20250329", "tags": ["related"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In GNU ncurses bis 6.5-20250322 wurde eine problematische Schwachstelle gefunden. Es geht um die Funktion postprocess_termcap der Datei tinfo/parse_entry.c. Dank Manipulation mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Aktualisieren auf die Version 6.5-20250329 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T22:00:17.088Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6141", "state": "PUBLISHED", "dateUpdated": "2025-06-17T13:52:08.255Z", "dateReserved": "2025-06-15T11:06:16.592Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-16T22:00:17.088Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component."}], "id": "CVE-2025-6141", "lastModified": "2025-06-17T20:50:23.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-06-16T22:16:41.527", "references": [{"source": "[email protected]", "url": "https://invisible-island.net/ncurses/NEWS.html#index-t20250329"}, {"source": "[email protected]", "url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html"}, {"source": "[email protected]", "url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html"}, {"source": "[email protected]", "url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.312610"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.312610"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.593000"}, {"source": "[email protected]", "url": "https://www.gnu.org/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "gnu-ncurses: ncurses Stack Buffer Overflow", "id": "2373097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373097"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-121)", "details": ["A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "A flaw was found in gnu-ncurses. The `postprocess_termcap` function in `tinfo/parse_entry.c` is susceptible to a stack-based buffer overflow due to improper bounds checking during termcap entry processing. This flaw allows a local attacker to trigger the overflow via a crafted termcap file, leading to a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-6141", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-06-16T22:00:17Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6141\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6141\nhttps://invisible-island.net/ncurses/NEWS.html#index-t20250329\nhttps://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html\nhttps://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html\nhttps://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html\nhttps://vuldb.com/?ctiid.312610\nhttps://vuldb.com/?id.312610\nhttps://vuldb.com/?submit.593000\nhttps://www.gnu.org/"], "threat_severity": "Low"}