Learn about CVE-2017-11113, a vulnerability in ncurses 6.0 that can lead to denial of service through a NULL pointer dereference. Find out how to mitigate and prevent this issue.
ncurses 6.0 has a vulnerability that can lead to denial of service through a NULL pointer dereference in the _nc_parse_entry function.
Understanding CVE-2017-11113
What is CVE-2017-11113?
This CVE refers to a vulnerability in ncurses 6.0 that can be exploited to cause a denial of service when untrusted terminfo data is processed.
The Impact of CVE-2017-11113
The vulnerability could lead to a denial of service if untrusted terminfo data is processed using the terminfo library code.
Technical Details of CVE-2017-11113
Vulnerability Description
The _nc_parse_entry function in tinfo/parse_entry.c of ncurses 6.0 contains a flaw that can result in a NULL pointer dereference.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability could be exploited when the terminfo library code processes untrusted terminfo data.
Mitigation and Prevention
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure that the ncurses library is updated to a patched version to address the vulnerability.