Main Vulnerability Database Vulnerabilities #VU12110

#VU12110 Stack-based buffer overflow in ncurses - CVE-2017-10684

Published: April 20, 2018 / Updated: April 23, 2018

Vulnerability identifier: #VU12110

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-10684

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ncurses

Software vendor:
Free Software Foundation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the fmt_entry function of ncurses due to stack-based buffer overflow when handling malicious input. A remote unauthenticated attacker can send a request that submits malicious input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 6.1.

External links

http://invisible-island.net/ncurses/NEWS.html#t20170701

#VU12110 Stack-based buffer overflow in ncurses - CVE-2017-10684

Description

Remediation

External links

Please verify you're human