4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.9%
DISPUTED In ncurses, possibly a 6.x version, there is a NULL pointer
dereference at the function _nc_name_match that will lead to a denial of
service attack. NOTE: the original report stated version 6.1, but the issue
did not reproduce for that version according to the maintainer or a
reliable third-party.
Author | Note |
---|---|
ccdm94 | for xenial and trusty the issue reproduces for the release version of the package with the provided POC file. However, patches applied to fix the CVE group CVE-2017-137xx and the CVE group CVE-2017-1068x have most likely fixed the currently considered vulnerability as well, with the reproducer no longer causing a segmentation fault for versions of the package that include these patches. This means that within the fixes present in the already applied patches was the fix for this CVE as well. |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.9%