Bugzilla – Bug 1047965
VUL-0: CVE-2017-11113: ncurses: Dereferencing NULL pointer in _nc_parse_entry
Last modified: 2020-06-26 13:43:39 UTC
Created attachment 731774 [details]
Reproducer
rh#1464691
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
Reproducer triggers on SLE 11 and 12.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1464691
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11113
http://www.cvedetails.com/cve/CVE-2017-11113/
(In reply to Johannes Segitz from comment #0)
> Created attachment 731774 [details]
> Reproducer
>
> rh#1464691
>
> In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry
> function of tinfo/parse_entry.c. It could lead to a remote denial of service
> attack if the terminfo library code is used to process untrusted terminfo
> data.
>
> Reproducer triggers on SLE 11 and 12.
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=1464691
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11113
> http://www.cvedetails.com/cve/CVE-2017-11113/
What is wrong with bsc#1046853 and bsc#1046858?
According to https://bugzilla.redhat.com/show_bug.cgi?id=1464691#c2 this is fixed as well
(In reply to Dr. Werner Fink from comment #1)
Nothing wrong with them, but they are for other issues (different POC/CVE)
(In reply to Johannes Segitz from comment #3)
> (In reply to Dr. Werner Fink from comment #1)
> Nothing wrong with them, but they are for other issues (different POC/CVE)
Please can you verify with latest ncurses that this issue is indeed fixed
POC5 causes error messages with both infotocap and captoinfo but no crash
for poc in POC*
do
    echo $poc
    infotocap $poc >& /dev/null
    echo $?
    captoinfo $poc >& /dev/null
    echo $?
done
POC3
0
0
POC4
0
0
POC5
0
0
POC6
0
0
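The verification loop in the comment above, as a reusable regression check. This is an added example, not part of the original comment or of ncurses: it labels each run as ok, error, or crash by treating an exit status above 128 as death by signal (139 is SIGSEGV on Linux). The function names `classify_status`, `run_tool` and `check_reproducers` are hypothetical.

```shell
#!/bin/sh
# Added example: triage of terminfo/termcap reproducer runs.
# POSIX shells report a child killed by signal N as exit status 128 + N,
# so a NULL dereference (SIGSEGV, 11 on Linux) shows up as 139.

# classify_status STATUS: print ok, error, or crash(signal N)
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -gt 128 ]; then
        echo "crash(signal $(($1 - 128)))"
    else
        echo error
    fi
}

# run_tool TOOL FILE: run TOOL on FILE with output discarded, print the class.
# The "|| rc=$?" keeps the status even when the caller uses "set -e".
run_tool() {
    rc=0
    "$1" "$2" >/dev/null 2>&1 || rc=$?
    classify_status "$rc"
}

# check_reproducers TOOL FILE...: one result line per file;
# returns 1 if any run ended in a signal, 0 otherwise.
check_reproducers() {
    tool=$1
    shift
    crashed=0
    for f in "$@"; do
        result=$(run_tool "$tool" "$f")
        printf '%s %s %s\n' "$tool" "$f" "$result"
        case $result in
            crash*) crashed=1 ;;
        esac
    done
    return "$crashed"
}

# Typical use, in the directory holding the reproducers:
#   check_reproducers infotocap POC* && check_reproducers captoinfo POC*
```

A parse failure that the tool reports cleanly is classed as error and does not fail the check; only a signal death does.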
resubmitted with extended changelog to mention this bug as well
This is an autogenerated message for OBS integration:
This bug (1047965) was mentioned in
https://build.opensuse.org/request/show/509422 Factory / ncurses
SUSE-SU-2017:2075-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1046853,1046858,1047964,1047965,1049344
CVE References: CVE-2017-10684,CVE-2017-10685,CVE-2017-11112,CVE-2017-11113
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ncurses-5.9-50.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): ncurses-5.9-50.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): ncurses-5.9-50.1
SUSE Linux Enterprise Server 12-SP3 (src): ncurses-5.9-50.1
SUSE Linux Enterprise Server 12-SP2 (src): ncurses-5.9-50.1
SUSE Linux Enterprise Desktop 12-SP3 (src): ncurses-5.9-50.1
SUSE Linux Enterprise Desktop 12-SP2 (src): ncurses-5.9-50.1
OpenStack Cloud Magnum Orchestration 7 (src): ncurses-5.9-50.1
SUSE-SU-2017:2076-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1046853,1046858,1047964,1047965,1049344
CVE References: CVE-2017-10684,CVE-2017-10685,CVE-2017-11112,CVE-2017-11113
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ncurses-5.6-93.6.1
SUSE Linux Enterprise Server 11-SP4 (src): ncurses-5.6-93.6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): ncurses-5.6-93.6.1
openSUSE-SU-2017:2158-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1046853,1046858,1047964,1047965,1049344
CVE References: CVE-2017-10684,CVE-2017-10685,CVE-2017-11112,CVE-2017-11113
Sources used:
openSUSE Leap 42.3 (src): ncurses-5.9-59.1
openSUSE Leap 42.2 (src): ncurses-5.9-55.6.1
SUSE-SU-2017:2470-1: An update that solves 18 vulnerabilities and has 46 fixes is now available.
Category: security (important)
Bug References: 1004995,1009745,1014471,1017420,1019637,1026825,1027079,1027688,1027908,1028281,1028723,1029523,1031756,1032706,1033236,1035062,1036659,1038132,1038444,1038984,1042392,1043218,1043333,1044095,1044107,1044175,1044840,1045384,1045735,1045987,1046268,1046417,1046659,1046853,1046858,1047008,1047236,1047240,1047310,1047379,1047785,1047964,1047965,1048315,1048483,1048605,1048679,1048715,1049344,1050396,1050484,1051626,1051643,1051644,1052030,1052759,1053409,874665,902364,938657,944903,954661,960820,963041
CVE References: CVE-2013-7459,CVE-2016-9063,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-10684,CVE-2017-10685,CVE-2017-11112,CVE-2017-11113,CVE-2017-3308,CVE-2017-3309,CVE-2017-3453,CVE-2017-3456,CVE-2017-3464,CVE-2017-7435,CVE-2017-7436,CVE-2017-8872,CVE-2017-9233,CVE-2017-9269
Sources used:
SUSE Container as a Service Platform ALL (src): caasp-container-manifests-0.0.0+git_r155_93e40ab-2.3.3, container-feeder-0.0.0+20170901.git_r55_17ecbd3-2.3.3, sles12-mariadb-docker-image-1.1.0-2.3.10, sles12-pause-docker-image-1.1.0-2.3.11, sles12-pv-recycler-node-docker-image-1.1.0-2.3.10, sles12-salt-api-docker-image-1.1.0-2.3.9, sles12-salt-master-docker-image-1.1.0-4.3.10, sles12-salt-minion-docker-image-1.1.0-2.3.8, sles12-velum-docker-image-1.1.0-4.3.9
released