Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-03-19T00:00:00 ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-120

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

A flaw was found in ncurses. This vulnerability, a buffer overflow, exists within the `analyze_string()` function. An attacker could potentially exploit this to execute unauthorized code on the affected system, which might lead to a denial of service in the affected application, the corruption of data, or sensitive information being revealed to an attacker.

This Moderate impact vulnerability in ncurses affects Red Hat Enterprise Linux 10.0.z and 10.1.z. A buffer overflow in the `analyze_string()` function, exploitable through the `infocmp` utility, could lead to arbitrary code execution. Red Hat Enterprise Linux 6-ELS, 7-ELS, 8.x, 9.x, and OpenShift Container Platform are not affected as the vulnerable code is not present in these versions. Exploitation of this vulnerability requires that an affected application processes malicious data; this requires either user interaction or privileges on an affected system. Red Hat Enterprise Linux 10 2026-03-26T00:00:00Z RHSA-2026:5913 ncurses-0:6.4-15.20240127.el10_1 Red Hat Enterprise Linux 6 Not affected ncurses Red Hat Enterprise Linux 7 Not affected ncurses Red Hat Enterprise Linux 8 Not affected ncurses Red Hat Enterprise Linux 9 Not affected ncurses Red Hat OpenShift Container Platform 4 Not affected rhcos https://www.cve.org/CVERecord?id=CVE-2025-69720 https://nvd.nist.gov/vuln/detail/CVE-2025-69720 https://github.com/Cao-Wuhui/CVE-2025-69720 https://marc.info/?l=ncurses-bug&m=176539968328570&w=2 https://marc.info/?l=ncurses-bug&m=176540731801330&w=2 https://marc.info/?l=ncurses-bug&m=176545557728083&w=2