CVE-2023-45918

Description

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue.

How to fix CVE-2023-45918

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/ncurses—no fix listed

Is CVE-2023-45918 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2023-45918.

Affected packages (1)

• Debian/ncursesfrom 0

References (4)

• ADVISORYsecurity.netapp.com/advisory/ntap-20240315-0006/
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2023-45918
• REPORTbugzilla.redhat.com/show_bug.cgi?id=2300290#c1
• WEBlists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html