Vulnerability Details : CVE-2017-11112
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2017-11112
- cpe:2.3:a:gnu:ncurses:6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-11112
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-11112
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-11112
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-11112
-
https://bugzilla.redhat.com/show_bug.cgi?id=1464686
1464686 – Illegal address access in append_acs function in ncurses tool with latest verison(6.0)Issue Tracking
-
https://security.gentoo.org/glsa/201804-13
ncurses: Multiple vulnerabilities (GLSA 201804-13) — Gentoo security
Jump to