Improper Access Control in ncurses 6.0 Leading to Remote Denial of Service
CVE-2017-13731

6.5MEDIUM

Key Information:

Vendor

Gnu
Status
Ncurses
Vendor
CVE Published:
29 August 2017

What is CVE-2017-13731?

A security flaw has been identified in ncurses 6.0, where improper access control in the function postprocess_termcap() can lead to illegal address access. This vulnerability allows an attacker to exploit the affected system and potentially initiate a remote denial of service attack, affecting system availability. It is crucial for users and administrators to address this issue promptly to protect their systems from potential threats.

References

https://security.gentoo.org/glsa/201804-13
vendor-advisoryx_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=1484285
x_refsource_MISC
https://lists.apache.org/thread.html/rf4c02775860db415b49...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.