PT-2017-11749 · Ncurses+2 · Ncurses+2

Owl337

Published

2017-07-08

Updated

2022-05-26

CVE-2017-11113

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ncurses version 6.0

Description The issue is related to a NULL Pointer Dereference in the nc parse entry function of tinfo/parse entry.c. This could potentially lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

Recommendations For ncurses version 6.0, consider updating to a newer version that addresses this issue, as using untrusted terminfo data could lead to a denial of service attack. As a temporary workaround, restrict the use of the terminfo library to trusted data only.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2017-11113

MGASA-2018-0001

MGASA-2018-0002

SUSE-SU-2017:2075-1

SUSE-SU-2017:2076-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-5448-1

Affected Products

Suse

Ubuntu

Ncurses

PT-2017-11749 · Ncurses+2 · Ncurses+2

CVE-2017-11113

Weakness Enumeration

Related Identifiers

Affected Products

References · 63