CVE-2017-10684

Опубликовано: 29 июн. 2017

Источник: debian

EPSS Низкий

Описание

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ncurses	fixed	6.0+20170708-1		package
ncurses	fixed	6.0+20161126-1+deb9u1	stretch	package
ncurses	fixed	5.9+20140913-1+deb8u1	jessie	package
ncurses	no-dsa		wheezy	package

Примечания

https://bugzilla.redhat.com/show_bug.cgi?id=1464687

EPSS

Процентиль: 87%

0.032

Низкий

Связанные уязвимости

CVE-2017-10684

CVSS3: 9.8

ubuntu

больше 8 лет назад

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

CVE-2017-10684

CVSS3: 5.3

redhat

больше 8 лет назад

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

CVE-2017-10684

CVSS3: 9.8

nvd

больше 8 лет назад

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

GHSA-xm97-9w7x-8vx8

CVSS3: 9.8

github

больше 3 лет назад

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

openSUSE-SU-2017:1882-1

suse-cvrf

больше 8 лет назад

Recommended update for ncurses

EPSS

Процентиль: 87%

0.032

Низкий