CVE-2017-13731
Ubuntu Security Notice USN-5448-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
Existe un acceso ilegal a direcciones en la función postprocess_termcap() en parse_entry.c en ncurses 6.0 que podría acabar en un ataque de denegación de servicio remoto.
It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-29 CVE Reserved
- 2017-08-29 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1484285 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201804-13 | 2023-11-07 |