CVE-2017-10684

CWE-119Buffer OverflowCWE-121Stack-based Buffer Overflow11 documents8 sources
Severity
9.8CRITICAL
EPSS
3.3%
top 12.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Ncurses
Timeline
PublishedJun 29
Latest updateMay 26

Description

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Debianncurses< 6.0+20170708-1+3
Ubuntuncurses< 5.9+20140118-1ubuntu1+esm1+1
NVDgnu/ncurses6.0

🔴Vulnerability Details

4
OSV
ncurses vulnerabilities2022-05-26
GHSA
GHSA-xm97-9w7x-8vx8: In ncurses 62022-05-13
OSV
CVE-2017-10684: In ncurses 62017-06-29
CVEList
CVE-2017-10684: In ncurses 62017-06-29

📋Vendor Advisories

4
Ubuntu
ncurses vulnerabilities2022-05-26
Red Hat
ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c2017-06-24
Red Hat
ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function2017-06-24
Debian
CVE-2017-10684: ncurses - In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function...2017

💬Community

2
Bugzilla
CVE-2017-10685 ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function2017-07-20
Bugzilla
CVE-2017-10684 ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c2017-07-20
CVE-2017-10684 (CRITICAL CVSS 9.8) | In ncurses 6.0 | cvebase.io