CVE-2018-10754

Affecting ncurses package, versions *

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. The product proceeds to the dereference code path even after a "dubious character `[' in name or alias field" detection.

References

CVE
CVE-2018-10754
CWE
CWE-476
Snyk ID
SNYK-DEBIAN8-NCURSES-367841
Disclosed
05 May, 2018
Published
05 May, 2018