CVE-2017-16879

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
gnuncurses
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ncurses
bullseye
6.2+20201114-2+deb11u2
fixed
wheezy
ignored
bookworm
6.4-4
fixed
sid
6.5-2
fixed
trixie
6.5-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ncurses
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
xenial
Fixed 6.0+20160213-1ubuntu1+esm2
released
trusty
Fixed 5.9+20140118-1ubuntu1+esm2
released
Common Weakness Enumeration
References
http://invisible-island.net/ncurses/NEWS.html#t20171125
http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://security.gentoo.org/glsa/201804-13
https://tools.cisco.com/security/center/viewAlert.x?alertId=57695
http://invisible-island.net/ncurses/NEWS.html#t20171125
http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://security.gentoo.org/glsa/201804-13
https://tools.cisco.com/security/center/viewAlert.x?alertId=57695