CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

GNU » Ncurses » 6.0 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:gnu:ncurses:6.0:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-16879 787 DoS Exec Code Overflow 2017-11-22 2021-06-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
2 CVE-2017-13734 119 DoS Overflow 2017-08-29 2018-10-21
4.3
None Remote Medium Not required None None Partial
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.
3 CVE-2017-13733 119 DoS Overflow 2017-08-29 2021-06-29
4.3
None Remote Medium Not required None None Partial
There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
4 CVE-2017-13732 119 DoS Overflow 2017-08-29 2021-06-29
4.3
None Remote Medium Not required None None Partial
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.
5 CVE-2017-13731 119 DoS Overflow 2017-08-29 2021-06-29
4.3
None Remote Medium Not required None None Partial
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
6 CVE-2017-13730 119 DoS Overflow 2017-08-29 2021-06-29
4.3
None Remote Medium Not required None None Partial
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
7 CVE-2017-13729 119 DoS Overflow 2017-08-29 2021-06-29
4.3
None Remote Medium Not required None None Partial
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
8 CVE-2017-13728 835 DoS 2017-08-29 2021-06-29
4.3
None Remote Medium Not required None None Partial
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
9 CVE-2017-11113 476 DoS 2017-07-08 2019-05-06
5.0
None Remote Low Not required None None Partial
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
10 CVE-2017-11112 20 DoS 2017-07-08 2018-10-21
5.0
None Remote Low Not required None None Partial
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
11 CVE-2017-10685 134 Exec Code 2017-06-29 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
12 CVE-2017-10684 119 Exec Code Overflow 2017-06-29 2021-06-29
7.5
None Remote Low Not required Partial Partial Partial
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Total number of vulnerabilities : 12   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.