Stack-Based Buffer Overflow in ncurses 6.0 Affects Remote Code Execution
CVE-2017-10684

9.8CRITICAL

Key Information:

Vendor

Gnu
Status
Ncurses
Vendor
CVE Published:
29 June 2017

What is CVE-2017-10684?

A stack-based buffer overflow flaw exists in the fmt_entry function of ncurses 6.0, where improper handling of crafted input may permit an attacker to execute arbitrary code remotely. This vulnerability can be exploited through specially crafted inputs, resulting in severe security implications for affected systems.

References

https://security.gentoo.org/glsa/201804-13
vendor-advisoryx_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=1464687
x_refsource_MISC
https://lists.apache.org/thread.html/rf4c02775860db415b49...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.