Use of Externally-Controlled Format String in ncurses

Do your applications use this vulnerable package? Test your applications

Overview

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

References

CVE Details
Debian Security Tracker
Gentoo Security Advisory
RedHat Bugzilla Bug
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-10685
CWE: CWE-134
Snyk ID: SNYK-UBUNTU1604-NCURSES-367750
Disclosed: 29 Jun, 2017
Published: 29 Jun, 2017

Use of Externally-Controlled Format String
Affecting ncurses package, versions *

Overview

References

CVSS Score

Use of Externally-Controlled Format String Affecting ncurses package, versions *

Overview

References

Use of Externally-Controlled Format String
Affecting ncurses package, versions *