CVE-2017-10684: Buffer Overflow
First published: Thu Jun 29 2017(Updated: )
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS Ncurses | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1464687
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/201804-13
Frequently Asked Questions
What is the severity of CVE-2017-10684?
CVE-2017-10684 has a high severity rating due to its potential for remote arbitrary code execution.
How do I fix CVE-2017-10684?
To fix CVE-2017-10684, upgrading to a patched version of ncurses beyond 6.0 is recommended.
What impact does CVE-2017-10684 have on systems?
CVE-2017-10684 can lead to a stack-based buffer overflow which can be exploited for remote code execution.
Which versions of ncurses are affected by CVE-2017-10684?
CVE-2017-10684 affects ncurses version 6.0 only.
Is there a known exploit for CVE-2017-10684?
Yes, there are reports of exploits that can leverage CVE-2017-10684 to execute arbitrary code remotely.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gnu
- canonical/centos ncurses
- version/centos ncurses/6.0