Vulnerabilities > CVE-2017-13733 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Ncurses 6.0

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
gnu
CWE-119
nessus

Summary

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

Vulnerable Configurations

Part Description Count
Application
Gnu
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1118.NASL
    descriptionAccording to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13734) - There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.(CVE-2017-13729) - There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13733) - There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13730) - There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13732) - There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13731) - There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.(CVE-2017-13728) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-02-24
    plugin id133919
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133919
    titleEulerOS 2.0 SP5 : ncurses (EulerOS-SA-2020-1118)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133919);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2017-13728",
        "CVE-2017-13729",
        "CVE-2017-13730",
        "CVE-2017-13731",
        "CVE-2017-13732",
        "CVE-2017-13733",
        "CVE-2017-13734"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : ncurses (EulerOS-SA-2020-1118)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ncurses packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - There is an illegal address access in the
        _nc_safe_strcat function in strings.c in ncurses 6.0
        that will lead to a remote denial of service
        attack.(CVE-2017-13734)
    
      - There is an illegal address access in the _nc_save_str
        function in alloc_entry.c in ncurses 6.0. It will lead
        to a remote denial of service attack.(CVE-2017-13729)
    
      - There is an illegal address access in the fmt_entry
        function in progs/dump_entry.c in ncurses 6.0 that
        might lead to a remote denial of service
        attack.(CVE-2017-13733)
    
      - There is an illegal address access in the function
        _nc_read_entry_source() in progs/tic.c in ncurses 6.0
        that might lead to a remote denial of service
        attack.(CVE-2017-13730)
    
      - There is an illegal address access in the function
        dump_uses() in progs/dump_entry.c in ncurses 6.0 that
        might lead to a remote denial of service
        attack.(CVE-2017-13732)
    
      - There is an illegal address access in the function
        postprocess_termcap() in parse_entry.c in ncurses 6.0
        that will lead to a remote denial of service
        attack.(CVE-2017-13731)
    
      - There is an infinite loop in the next_char function in
        comp_scan.c in ncurses 6.0, related to libtic. A
        crafted input will lead to a remote denial of service
        attack.(CVE-2017-13728)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1118
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a04506c4");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ncurses packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-term");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["ncurses-5.9-14.20130511.h7.eulerosv2r7",
            "ncurses-base-5.9-14.20130511.h7.eulerosv2r7",
            "ncurses-devel-5.9-14.20130511.h7.eulerosv2r7",
            "ncurses-libs-5.9-14.20130511.h7.eulerosv2r7",
            "ncurses-term-5.9-14.20130511.h7.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ncurses");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2420.NASL
    descriptionAccording to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.(CVE-2019-17594) - There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.(CVE-2019-17595) - In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.(CVE-2017-10684) - In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.(CVE-2017-10685) - In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.(CVE-2017-11112) - In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.(CVE-2017-11113) - There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.(CVE-2017-13728) - There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.(CVE-2017-13729) - There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13730) - There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13731) - There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13732) - There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13733) - There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13734) - In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a
    last seen2020-05-08
    modified2019-12-10
    plugin id131912
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131912
    titleEulerOS 2.0 SP2 : ncurses (EulerOS-SA-2019-2420)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131912);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2017-10684",
        "CVE-2017-10685",
        "CVE-2017-11112",
        "CVE-2017-11113",
        "CVE-2017-13728",
        "CVE-2017-13729",
        "CVE-2017-13730",
        "CVE-2017-13731",
        "CVE-2017-13732",
        "CVE-2017-13733",
        "CVE-2017-13734",
        "CVE-2018-19211",
        "CVE-2019-17594",
        "CVE-2019-17595"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : ncurses (EulerOS-SA-2019-2420)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ncurses packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - There is a heap-based buffer over-read in the
        _nc_find_entry function in tinfo/comp_hash.c in the
        terminfo library in ncurses before
        6.1-20191012.(CVE-2019-17594)
    
      - There is a heap-based buffer over-read in the fmt_entry
        function in tinfo/comp_hash.c in the terminfo library
        in ncurses before 6.1-20191012.(CVE-2019-17595)
    
      - In ncurses 6.0, there is a stack-based buffer overflow
        in the fmt_entry function. A crafted input will lead to
        a remote arbitrary code execution
        attack.(CVE-2017-10684)
    
      - In ncurses 6.0, there is a format string vulnerability
        in the fmt_entry function. A crafted input will lead to
        a remote arbitrary code execution
        attack.(CVE-2017-10685)
    
      - In ncurses 6.0, there is an attempted
        0xffffffffffffffff access in the append_acs function of
        tinfo/parse_entry.c. It could lead to a remote denial
        of service attack if the terminfo library code is used
        to process untrusted terminfo data.(CVE-2017-11112)
    
      - In ncurses 6.0, there is a NULL Pointer Dereference in
        the _nc_parse_entry function of tinfo/parse_entry.c. It
        could lead to a remote denial of service attack if the
        terminfo library code is used to process untrusted
        terminfo data.(CVE-2017-11113)
    
      - There is an infinite loop in the next_char function in
        comp_scan.c in ncurses 6.0, related to libtic. A
        crafted input will lead to a remote denial of service
        attack.(CVE-2017-13728)
    
      - There is an illegal address access in the _nc_save_str
        function in alloc_entry.c in ncurses 6.0. It will lead
        to a remote denial of service attack.(CVE-2017-13729)
    
      - There is an illegal address access in the function
        _nc_read_entry_source() in progs/tic.c in ncurses 6.0
        that might lead to a remote denial of service
        attack.(CVE-2017-13730)
    
      - There is an illegal address access in the function
        postprocess_termcap() in parse_entry.c in ncurses 6.0
        that will lead to a remote denial of service
        attack.(CVE-2017-13731)
    
      - There is an illegal address access in the function
        dump_uses() in progs/dump_entry.c in ncurses 6.0 that
        might lead to a remote denial of service
        attack.(CVE-2017-13732)
    
      - There is an illegal address access in the fmt_entry
        function in progs/dump_entry.c in ncurses 6.0 that
        might lead to a remote denial of service
        attack.(CVE-2017-13733)
    
      - There is an illegal address access in the
        _nc_safe_strcat function in strings.c in ncurses 6.0
        that will lead to a remote denial of service
        attack.(CVE-2017-13734)
    
      - In ncurses 6.1, there is a NULL pointer dereference at
        function _nc_parse_entry in parse_entry.c that will
        lead to a denial of service attack. The product
        proceeds to the dereference code path even after a
        'dubious character `*' in name or alias field'
        detection.(CVE-2018-19211)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2420
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8f4fa791");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ncurses packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-term");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["ncurses-5.9-13.20130511.h5",
            "ncurses-base-5.9-13.20130511.h5",
            "ncurses-devel-5.9-13.20130511.h5",
            "ncurses-libs-5.9-13.20130511.h5",
            "ncurses-term-5.9-13.20130511.h5"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ncurses");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0178-1.NASL
    descriptionThis update for ncurses fixes the following issues: Security issue fixed : - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106292
    published2018-01-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106292
    titleSUSE SLES11 Security Update : ncurses (SUSE-SU-2018:0178-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1528.NASL
    descriptionAccording to the versions of the ncurses packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13734) - There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13733) - There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13732) - There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13731) - There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13730) - There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.(CVE-2017-13729) - There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.(CVE-2017-13728) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2020-05-01
    plugin id136231
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136231
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : ncurses (EulerOS-SA-2020-1528)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B84DBD94E8944C91B8CDD328537B1B2B.NASL
    descriptionncurses developers reports : There are multiple illegal address access issues and an infinite loop issue. Please refer to the CVE list for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id103797
    published2017-10-12
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103797
    titleFreeBSD : ncurses -- multiple issues (b84dbd94-e894-4c91-b8cd-d328537b1b2b)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0284-1.NASL
    descriptionThis update for ncurses fixes several issues. These security issues were fixed : - CVE-2017-13734: Prevent illegal address access in the _nc_safe_strcat function in strings.c that might have lead to a remote denial of service attack (bsc#1056126). - CVE-2017-13733: Prevent illegal address access in the fmt_entry function in progs/dump_entry.c that might have lead to a remote denial of service attack (bsc#1056127). - CVE-2017-13732: Prevent illegal address access in the function dump_uses() in progs/dump_entry.c that might have lead to a remote denial of service attack (bsc#1056128). - CVE-2017-13731: Prevent illegal address access in the function postprocess_termcap() in parse_entry.c that might have lead to a remote denial of service attack (bsc#1056129). - CVE-2017-13730: Prevent illegal address access in the function _nc_read_entry_source() in progs/tic.c that might have lead to a remote denial of service attack (bsc#1056131). - CVE-2017-13729: Prevent illegal address access in the _nc_save_str function in alloc_entry.c that might have lead to a remote denial of service attack (bsc#1056132). - CVE-2017-13728: Prevent infinite loop in the next_char function in comp_scan.c that might have lead to a remote denial of service attack (bsc#1056136). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106527
    published2018-01-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106527
    titleSUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:0284-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0120-1.NASL
    descriptionThis update for ncurses fixes the following issues: Security issues fixed : - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106131
    published2018-01-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106131
    titleSUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:0120-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201804-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201804-13 (ncurses: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing the user to process untrusted terminfo or other data, could execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id109097
    published2018-04-18
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/109097
    titleGLSA-201804-13 : ncurses: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3183-1.NASL
    descriptionThis update for ncurses fixes the following issues: Security issues fixed : - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-16879: Fix stack-based buffer overflow in the _nc_write_entry() function (bsc#1069530). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104993
    published2017-12-04
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104993
    titleSUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-55.NASL
    descriptionThis update for ncurses fixes the following issues : Security issues fixed : - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-01-22
    plugin id106218
    published2018-01-22
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/106218
    titleopenSUSE Security Update : ncurses (openSUSE-2018-55)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2634.NASL
    descriptionAccording to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a
    last seen2020-05-08
    modified2019-12-18
    plugin id132169
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132169
    titleEulerOS 2.0 SP3 : ncurses (EulerOS-SA-2019-2634)