ID CVE-2018-10754
Summary In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax.
References
Vulnerable Configurations
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0164.NASL
    description An update of 'ncurses', 'strongswan' packages of Photon OS has been released.
    last seen 2018-09-01
    modified 2018-08-17
    plugin id 111944
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111944
    title Photon OS 1.0: Ncurses / Strongswan PHSA-2018-1.0-0164
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0074.NASL
    description An update of 'ncurses' packages of Photon OS has been released.
    last seen 2018-09-01
    modified 2018-08-17
    plugin id 111958
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111958
    title Photon OS 2.0: Ncurses PHSA-2018-2.0-0074
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1218.NASL
    description According to the version of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it.(CVE-2018-10754) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-08-29
    plugin id 110882
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110882
    title EulerOS 2.0 SP2 : ncurses (EulerOS-SA-2018-1218)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1276.NASL
    description According to the version of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it.(CVE-2018-10754) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-26
    modified 2018-09-25
    plugin id 117430
    published 2018-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117430
    title EulerOS Virtualization 2.5.2 : ncurses (EulerOS-SA-2018-1276)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1338.NASL
    description According to the version of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it.(CVE-2018-10754) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 118426
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118426
    title EulerOS Virtualization 2.5.0 : ncurses (EulerOS-SA-2018-1338)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-6C01A593B0.NASL
    description Security fix for CVE-2018-10754. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 110251
    published 2018-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110251
    title Fedora 27 : ncurses (2018-6c01a593b0)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1225.NASL
    description According to the version of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it.(CVE-2018-10754) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-29
    plugin id 111645
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111645
    title EulerOS 2.0 SP3 : ncurses (EulerOS-SA-2018-1225)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1053.NASL
    description A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it.(CVE-2018-10754)
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 111607
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111607
    title Amazon Linux 2 : ncurses (ALAS-2018-1053)
refmap via4
misc
Last major update 04-05-2018 - 22:29
Published 04-05-2018 - 22:29
Last modified 13-06-2018 - 11:57
Back to Top