PT-2017-11748 · Ncurses+2 · Ncurses+2

Published

2017-07-08

Updated

2022-05-26

CVE-2017-11112

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ncurses version 6.0

Description The issue is related to an attempted 0xffffffffffffffff access in the append acs function of tinfo/parse entry.c. This could potentially lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

Recommendations For ncurses version 6.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of untrusted terminfo data to minimize the risk of exploitation.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-11112

MGASA-2018-0001

MGASA-2018-0002

SUSE-SU-2017:2075-1

SUSE-SU-2017:2076-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-5448-1

Affected Products

Suse

Ubuntu

Ncurses

PT-2017-11748 · Ncurses+2 · Ncurses+2

CVE-2017-11112

Weakness Enumeration

Related Identifiers

Affected Products

References · 64