CVE-2016-10615
First published: Thu Apr 26 2018(Updated: )
curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ncurses | <=0.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-10615?
CVE-2016-10615 has a high severity rating due to its potential for remote code execution and its vulnerability to MITM attacks.
How do I fix CVE-2016-10615?
To fix CVE-2016-10615, update the curses library to a version higher than 0.0.10 or switch to a secure method for downloading resources.
What kind of attack does CVE-2016-10615 facilitate?
CVE-2016-10615 facilitates man-in-the-middle (MITM) attacks that can lead to remote code execution.
Which versions of curses are affected by CVE-2016-10615?
CVE-2016-10615 affects curses versions up to and including 0.0.10.
What is the main impact of CVE-2016-10615?
The main impact of CVE-2016-10615 is the potential for attackers to execute malicious code on a victim's system.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/curses project
- canonical/ncurses
- version/ncurses/0.0.10