Remote Denial of Service Vulnerability in ncurses by The GNU Project
CVE-2017-11113

7.5HIGH

Key Information:

Vendor: Gnu
Status: Ncurses
Vendor: CVE Published:; 8 July 2017

What is CVE-2017-11113?

In ncurses version 6.0, there exists a vulnerability characterized by a NULL pointer dereference in the _nc_parse_entry function found in tinfo/parse_entry.c. This flaw can result in a remote denial of service attack, especially when untrusted terminfo data is processed. Ensuring that only trusted data is handled by the terminfo library is crucial for mitigating potential service disruptions.

References

https://security.gentoo.org/glsa/201804-13

vendor-advisoryx_refsource_GENTOO

https://bugzilla.redhat.com/show_bug.cgi?id=1464691

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2017
Vulnerability Reserved
Jul 8, 2017

Gnu

What is CVE-2017-11113?

References

CVSS V3.1

Timeline