{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-50495", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T22:16:47.021Z", "dateReserved": "2023-12-11T00:00:00", "datePublished": "2023-12-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-31T03:06:19.751745"}, "descriptions": [{"lang": "en", "value": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry()."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html"}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0008/"}, {"name": "FEDORA-2024-96090dafaf", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:47.021Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", "tags": ["x_transferred"]}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0008/", "tags": ["x_transferred"]}, {"name": "FEDORA-2024-96090dafaf", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:invisible-island:ncurse:6.4-20230418:*:*:*:*:*:*:*", "matchCriteriaId": "4796E807-08B7-46FD-9BD1-EF727BE6BB58", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry()."}, {"lang": "es", "value": "Se descubri\u00f3 que NCurse v6.4-20230418 conten\u00eda un error de segmentaci\u00f3n a trav\u00e9s del componente _nc_wrap_entry()."}], "id": "CVE-2023-50495", "lastModified": "2024-11-21T08:37:04.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-12T15:15:07.867", "references": [{"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240119-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240119-0008/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ncurses: segmentation fault via _nc_wrap_entry()", "id": "2254244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254244"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry()."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-50495", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-50495\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-50495"], "statement": "Red Hat Product Security classifies this issue as having a Low security impact. To exploit a user needs to perform a specific action, such as processing terminfo from source to compiled form, with the trusted input, making it challenging and minimal practical impact.", "threat_severity": "Low", "upstream_fix": "ncurses 6.4"}