CVE-2021-39537

Description

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

How to fix CVE-2021-39537

To remediate CVE-2021-39537, upgrade the affected package to a fixed version below.

• Alpine/ncurses—upgrade to 6.2_p20200523-r1 or later
• Debian/ncurses—upgrade to 6.2+20200912-1 or later
• —upgrade to 6.1+20181013-2+deb10u5 or later

Is CVE-2021-39537 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 6.2_p20200523-r1
• from 0, < 6.2+20200912-1
• from 0, < 6.1+20181013-2+deb10u5

CVSS scores

References (2)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2021-39537
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-39537