Remote Denial of Service Vulnerability in ncurses by The GNU Project
CVE-2017-11113

7.5HIGH

Key Information:

Vendor
Gnu
Status
Ncurses
Vendor
CVE Published:
8 July 2017

Summary

In ncurses version 6.0, there exists a vulnerability characterized by a NULL pointer dereference in the _nc_parse_entry function found in tinfo/parse_entry.c. This flaw can result in a remote denial of service attack, especially when untrusted terminfo data is processed. Ensuring that only trusted data is handled by the terminfo library is crucial for mitigating potential service disruptions.

References

https://security.gentoo.org/glsa/201804-13
vendor-advisoryx_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=1464691
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.