Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2019-1302

Related Vulnerabilities: CVE-2017-10684   CVE-2017-10685   CVE-2017-11112   CVE-2017-11113  

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. (CVE-2017-11112) In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. (CVE-2017-11113) In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. (CVE-2017-10684) In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. (CVE-2017-10685)

Source

ALAS2-2019-1302

Amazon Linux 2 Security Advisory: ALAS-2019-1302
Advisory Release Date: 2019-09-30 22:49 Pacific
Advisory Updated Date: 2019-10-02 23:13 Pacific
Severity: Medium
Issue Overview:

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. (CVE-2017-11112)


In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. (CVE-2017-11113)


In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. (CVE-2017-10684)

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. (CVE-2017-10685)


Affected Packages:

ncurses


Issue Correction:
Run yum update ncurses to update your system.

New Packages:
aarch64:
    ncurses-6.0-8.20170212.amzn2.1.3.aarch64
    ncurses-libs-6.0-8.20170212.amzn2.1.3.aarch64
    ncurses-compat-libs-6.0-8.20170212.amzn2.1.3.aarch64
    ncurses-c++-libs-6.0-8.20170212.amzn2.1.3.aarch64
    ncurses-devel-6.0-8.20170212.amzn2.1.3.aarch64
    ncurses-static-6.0-8.20170212.amzn2.1.3.aarch64
    ncurses-debuginfo-6.0-8.20170212.amzn2.1.3.aarch64

i686:
    ncurses-6.0-8.20170212.amzn2.1.3.i686
    ncurses-libs-6.0-8.20170212.amzn2.1.3.i686
    ncurses-compat-libs-6.0-8.20170212.amzn2.1.3.i686
    ncurses-c++-libs-6.0-8.20170212.amzn2.1.3.i686
    ncurses-devel-6.0-8.20170212.amzn2.1.3.i686
    ncurses-static-6.0-8.20170212.amzn2.1.3.i686
    ncurses-debuginfo-6.0-8.20170212.amzn2.1.3.i686

noarch:
    ncurses-base-6.0-8.20170212.amzn2.1.3.noarch
    ncurses-term-6.0-8.20170212.amzn2.1.3.noarch

src:
    ncurses-6.0-8.20170212.amzn2.1.3.src

x86_64:
    ncurses-6.0-8.20170212.amzn2.1.3.x86_64
    ncurses-libs-6.0-8.20170212.amzn2.1.3.x86_64
    ncurses-compat-libs-6.0-8.20170212.amzn2.1.3.x86_64
    ncurses-c++-libs-6.0-8.20170212.amzn2.1.3.x86_64
    ncurses-devel-6.0-8.20170212.amzn2.1.3.x86_64
    ncurses-static-6.0-8.20170212.amzn2.1.3.x86_64
    ncurses-debuginfo-6.0-8.20170212.amzn2.1.3.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started