CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16879 – GNU ncurses 6.0 tic Denial Of Service
https://notcve.org/view.php?id=CVE-2017-16879
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. Desbordamiento de búfer basado en pila en la función _nc_write_entry en tinfo/write_entry.c en ncurses en la versión 6.0 permite que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) o posiblemente ejecuten código arbitrario mediante un archivo terminfo manipulado, tal y como demuestra tic. tic in the GNU ncurses library version 6.0 suffers from a buffer overflow condition that can cause a denial of service. • http://invisible-island.net/ncurses/NEWS.html#t20171125 http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201804-13 https://tools.cisco.com/security/center/viewAlert.x?alertId=57695 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13728
https://notcve.org/view.php?id=CVE-2017-13728
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. Existe un bucle infinito en la función next_char en comp_scan.c de ncurses 6.0 en relación con libtic. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. • https://bugzilla.redhat.com/show_bug.cgi?id=1484274 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201804-13 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13729
https://notcve.org/view.php?id=CVE-2017-13729
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función _nc_save_str en alloc_entry.c en ncurses 6.0. Esto podría permitir que se realice un ataque de denegación de servicio remoto. • https://bugzilla.redhat.com/show_bug.cgi?id=1484276 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201804-13 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13730
https://notcve.org/view.php?id=CVE-2017-13730
There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función _nc_read_entry_source() en progs/tic.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. • https://bugzilla.redhat.com/show_bug.cgi?id=1484284 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201804-13 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-13731
https://notcve.org/view.php?id=CVE-2017-13731
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. Existe un acceso ilegal a direcciones en la función postprocess_termcap() en parse_entry.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto. • https://bugzilla.redhat.com/show_bug.cgi?id=1484285 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201804-13 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •