Stack-based Buffer Overflow in ncurses 6.0 Affects GNU Software
CVE-2017-16879

7.8HIGH

Key Information:

Vendor

Gnu
Status
Ncurses
Vendor
CVE Published:
22 November 2017

What is CVE-2017-16879?

A stack-based buffer overflow vulnerability exists in the _nc_write_entry function of ncurses 6.0, which can be exploited through specially crafted terminfo files. This vulnerability allows attackers to potentially crash the application, resulting in a denial of service, or in some cases, execute arbitrary code. The flaw highlights the need for careful input validation and secure coding practices to mitigate risks associated with vulnerable applications.

References

http://packetstormsecurity.com/files/145045/GNU-ncurses-6...
x_refsource_MISC
https://security.gentoo.org/glsa/201804-13
vendor-advisoryx_refsource_GENTOO
http://invisible-island.net/ncurses/NEWS.html#t20171125
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.