Improper Input Validation in ncurses

Do your applications use this vulnerable package? Test your applications

Overview

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

References

CVE Details
Debian Security Tracker
Gentoo Security Advisory
RedHat Bugzilla Bug
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-11112
CWE: CWE-20
Snyk ID: SNYK-DEBIAN8-NCURSES-367728
Disclosed: 08 Jul, 2017
Published: 08 Jul, 2017

Improper Input Validation
Affecting ncurses package, versions <5.9+20140913-1+deb8u1

Overview

References

CVSS Score

Improper Input Validation Affecting ncurses package, versions <5.9+20140913-1+deb8u1

Overview

References

Improper Input Validation
Affecting ncurses package, versions <5.9+20140913-1+deb8u1