CVE-2017-16879 Information

Description

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file as demonstrated by tic.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://invisible-island.net/ncurses/NEWS.htmlt20171125 http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html https://security.gentoo.org/glsa/201804-13 https://tools.cisco.com/security/center/viewAlert.x?alertId=57695

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8