Denial of Service Vulnerability in Ncurses Affected by Libtic
CVE-2017-13728

7.5HIGH

Key Information:

Vendor
Gnu
Status
Ncurses
Vendor
CVE Published:
29 August 2017

Summary

A vulnerability exists in the next_char function within comp_scan.c in ncurses 6.0, specifically linked to the libtic library. This flaw can be exploited via specially crafted input, resulting in an infinite loop that may lead to a remote denial of service attack, disrupting the service for users.

References

https://security.gentoo.org/glsa/201804-13
vendor-advisoryx_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=1484274
x_refsource_MISC
https://lists.apache.org/thread.html/rf4c02775860db415b49...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.