Control: severity -1 important

On 2017-11-24 16:23 -0500, Luciano Bello wrote:
> Package: ncurses
> X-Debbugs-CC: t...@security.debian.org
> secure-testing-t...@lists.alioth.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> the following vulnerability was published for ncurses.
>
> CVE-2017-16879[0]:
> | Stack-based buffer overflow in the _nc_write_entry function in
> | tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial
> | of service (application crash) or possibly execute arbitrary code via
> | a crafted terminfo file, as demonstrated by tic.

For the crash to happen the attacker needs to persuade the victim into running tic on their terminfo file first (there are no users of the _nc_write_entry function besides tic), and arbitrary code execution should be prevented by the stack protection.

Like the previous CVEs on ncurses published earlier this year, this should be tagged no-DSA in the tracker.

Cheers,
Sven