CVE-2017-16879Out-of-bounds Write in Ncurses

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow10 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 36.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Ncurses
Timeline
PublishedNov 22
Latest updateJun 14

Description

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Debiangnu/ncurses< 6.0+20171125-1+3
Ubuntugnu/ncurses< 5.9+20140118-1ubuntu1+esm2+1
NVDgnu/ncurses6.0

🔴Vulnerability Details

4
OSV
ncurses vulnerabilities2022-06-14
GHSA
GHSA-r8vx-h3vx-6wh2: Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry2022-05-13
CVEList
CVE-2017-16879: Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry2017-11-22
OSV
CVE-2017-16879: Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry2017-11-22

📋Vendor Advisories

3
Ubuntu
ncurses vulnerabilities2022-06-14
Red Hat
ncurses: Stack-based buffer overflow in the _nc_write_entry function2017-11-18
Debian
CVE-2017-16879: ncurses - Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry...2017

💬Community

2
Bugzilla
CVE-2017-16879 ncurses: Stack-based buffer overflow in the _nc_write_entry function [fedora-all]2017-11-27
Bugzilla
CVE-2017-16879 ncurses: Stack-based buffer overflow in the _nc_write_entry function2017-11-27
CVE-2017-16879 — Out-of-bounds Write in GNU Ncurses | cvebase