CVE-2021-39537
8.8 HIGH
An issue was discovered in ncurses through v6.2-1
Published: 2021-09-20 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE: CWE-787
Affected products
| Vendor | Product |
|---|---|
| apple | mac_os_x, macos, ncurses |
| gnu | mac_os_x, macos, ncurses |
Description
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-39537
- [Patch] http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
- [Other] http://seclists.org/fulldisclosure/2022/Oct/28
- [Other] http://seclists.org/fulldisclosure/2022/Oct/41
- [Other] http://seclists.org/fulldisclosure/2022/Oct/43
- [Other] http://seclists.org/fulldisclosure/2022/Oct/45
- [Other] https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
- [Vendor advisory] https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
- [Vendor advisory] https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
- [Other] https://security.netapp.com/advisory/ntap-20230427-0012/
- [Other] https://support.apple.com/kb/HT213443
- [Other] https://support.apple.com/kb/HT213444
- [Other] https://support.apple.com/kb/HT213488
Related CVEs
Same vendor
- CVE-2025-46315 — A permissions issue was addressed with additional restrictions (7.5 HIGH)
- CVE-2025-46313 — A logging issue was addressed with improved data redaction (5.5 MEDIUM)
- CVE-2025-46308 — An authorization issue was addressed with improved state management (5.3 MEDIUM)
- CVE-2025-46293 — This issue was addressed with improved handling of symlinks (5.5 MEDIUM)
- CVE-2025-43339 — An access issue was addressed with additional sandbox restrictions (5.5 MEDIUM)
Same CWE
- CVE-2026-47750 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-47747 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-47749 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
- CVE-2026-12314 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)
- CVE-2026-12310 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)