[security][HIGH] ncurses 6.5: CVE-2025-69720 requires triage #1

Open
opened 2026-05-25 20:44:41 +03:00 by sbelikov · 0 comments
Owner

CVE triage request

Package

  • Package: ncurses
  • Version: 6.5
  • EVR: 6.5-1
  • Category: -
  • Policy class: -
  • NiceOS policy class: -
  • Owner: -
  • Severity: HIGH
  • Max CVSS: 7.8
  • CVE count: 1
  • Included NiceOS statuses: needs_triage
  • Included match types: cpe-exact

LLM recommendation

NVD/CPE candidate CVEs were found for ncurses 6.5: CVE-2025-69720. Security-team triage is required.

Verify CVE applicability to the NiceOS build, compare with upstream/vendor advisories, set affected/fixed/not_affected status, and prepare a package update if required.

Recommended action: needs_triage

Target version hint: -

Tests: Run RPM build, package upgrade, dependency compatibility, service/CLI smoke tests, and package-class-specific regression tests.

Risks: An automatic NVD/CPE match is not the final NiceOS vulnerability verdict.

CVE candidates from NVD/CPE

| CVE | Severity | CVSS | Match | Confidence | NiceOS status | Fixed in | Existing issue | Reason |
|---|---|---:|---|---:|---|---|---|---|
| CVE-2025-69720 | HIGH | 7.8 | cpe-exact | 80 | needs_triage | | | exact CPE version match: package 6.5 == CPE 6.5 |

Descriptions

CVE-2025-69720

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

Scanner integration

This issue was generated from niceos_cve_matches after the SPEC/Forgejo evidence pass.
After real creation, this script writes forgejo_issue_open rows into niceos_cve_evidence and marks the selected CVE rows as issue_open, so the next scanner/creator run does not duplicate the issue.

Maintainer checklist

  • Verify whether each CVE applies to the NiceOS build.
  • Compare NVD data with upstream/vendor advisory.
  • Set final NiceOS status: affected, fixed, not_affected, false_positive, deferred, or not_in_cloud_image.
  • If affected, decide update/backport strategy according to package policy class.
  • Run package-class-specific build, upgrade and regression tests.
  • Add/update niceos_cve_triage entry.
  • Create NICE-SA advisory if a security update is shipped.

Machine metadata

{
  "cves": [
    "CVE-2025-69720"
  ],
  "fingerprint": "195aa0a31d8ec0a01d8d",
  "generated_at": "2026-05-25T17:44:40Z",
  "match_types": [
    "cpe-exact"
  ],
  "package": "ncurses",
  "prompt_version": "niceos_cve_issue_analysis_v2",
  "statuses": [
    "needs_triage"
  ],
  "tool": "niceos_cve_create_issues.py",
  "tool_version": "2.0",
  "version": "6.5"
}
### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. 
### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. 
### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. 
### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. 
### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. ### CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. 

## Scanner integration

This issue was generated from `niceos_cve_matches` after the SPEC/Forgejo evidence pass. After real creation, this script writes `forgejo_issue_open` rows into `niceos_cve_evidence` and marks the selected CVE rows as `issue_open`, so the next scanner/creator run does not duplicate the issue.

## Maintainer checklist

- [ ] Verify whether each CVE applies to the NiceOS build.
- [ ] Compare NVD data with upstream/vendor advisory.
- [ ] Set final NiceOS status: `affected`, `fixed`, `not_affected`, `false_positive`, `deferred`, or `not_in_cloud_image`.
- [ ] If affected, decide update/backport strategy according to package policy class.
- [ ] Run package-class-specific build, upgrade and regression tests.
- [ ] Add/update `niceos_cve_triage` entry.
- [ ] Create `NICE-SA` advisory if a security update is shipped.

## Machine metadata

```json
{
  "cves": ["CVE-2025-69720"],
  "fingerprint": "195aa0a31d8ec0a01d8d",
  "generated_at": "2026-05-25T17:44:40Z",
  "match_ids": [
    1516, 1517, 1518, 1519, 1520, 1521, 1522, 1523, 1524, 1525,
    1526, 1527, 1528, 1529, 1530, 1531, 1532, 1533, 1534, 1535,
    1536, 1537, 1538, 1539, 1540, 1541, 1542, 1543, 1544, 1545,
    1546, 1547, 1548, 1549, 1550, 1551, 1552, 1553, 1554, 1555,
    1556, 1557, 1558, 1559, 1560, 1561, 1562, 1563, 1564, 1565,
    1566, 1567, 1568, 1569, 1570, 1571, 1572, 1573, 1574, 1575,
    1576, 1577, 1578, 1579, 1580, 1581, 1582, 1583, 1584, 1585,
    1586, 1587, 1588, 1589, 1590, 1591, 1592, 1593, 1594, 1595,
    1596
  ],
  "match_types": ["cpe-exact"],
  "package": "ncurses",
  "prompt_version": "niceos_cve_issue_analysis_v2",
  "statuses": ["needs_triage"],
  "tool": "niceos_cve_create_issues.py",
  "tool_version": "2.0",
  "version": "6.5"
}
```