{"id":"USN-5448-1","summary":"ncurses vulnerabilities","details":"It was discovered that ncurses was not properly checking array bounds\nwhen executing the fmt_entry function, which could result in an\nout-of-bounds write. An attacker could possibly use this issue to\nexecute arbitrary code. (CVE-2017-10684)\n\nIt was discovered that ncurses was not properly checking user input,\nwhich could result in it being treated as a format argument. An\nattacker could possibly use this issue to expose sensitive\ninformation or to execute arbitrary code. (CVE-2017-10685)\n\nIt was discovered that ncurses was incorrectly performing memory\nmanagement operations and was not blocking access attempts to\nillegal memory locations. An attacker could possibly use this issue\nto cause a denial of service. (CVE-2017-11112, CVE-2017-13729,\nCVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733,\nCVE-2017-13734)\n\nIt was discovered that ncurses was not properly performing checks\non pointer values before attempting to access the related memory\nlocations, which could lead to NULL pointer dereferencing. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2017-11113)\n\nIt was discovered that ncurses was incorrectly handling loops in\nlibtic, which could lead to the execution of an infinite loop. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2017-13728)\n","modified":"2026-04-22T10:23:42.854648Z","published":"2022-05-26T17:17:13Z","related":["UBUNTU-CVE-2017-10684","UBUNTU-CVE-2017-10685","UBUNTU-CVE-2017-11112","UBUNTU-CVE-2017-11113","UBUNTU-CVE-2017-13728","UBUNTU-CVE-2017-13729","UBUNTU-CVE-2017-13730","UBUNTU-CVE-2017-13731","UBUNTU-CVE-2017-13732","UBUNTU-CVE-2017-13733","UBUNTU-CVE-2017-13734"],"upstream":["CVE-2017-10684","CVE-2017-10685","CVE-2017-11112","CVE-2017-11113","CVE-2017-13728","CVE-2017-13729","CVE-2017-13730","CVE-2017-13731","CVE-2017-13732","CVE-2017-13733","CVE-2017-13734","UBUNTU-CVE-2017-10684","UBUNTU-CVE-2017-10685","UBUNTU-CVE-2017-11112","UBUNTU-CVE-2017-11113","UBUNTU-CVE-2017-13728","UBUNTU-CVE-2017-13729","UBUNTU-CVE-2017-13730","UBUNTU-CVE-2017-13731","UBUNTU-CVE-2017-13732","UBUNTU-CVE-2017-13733","UBUNTU-CVE-2017-13734"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5448-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-10684"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-10685"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11112"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11113"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13728"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13729"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13730"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13731"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13732"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13733"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13734"}],"affected":[{"package":{"name":"ncurses","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/ncurses@5.9+20140118-1ubuntu1+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.9+20140118-1ubuntu1+esm1"}]}],"versions":["5.9+20130608-1ubuntu1","5.9+20131221-1ubuntu1","5.9+20140118-1ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"lib32ncurses5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"lib32ncursesw5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"lib32tinfo5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"lib64ncurses5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"lib64tinfo5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"libncurses5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"libncursesw5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"libtinfo5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"libx32ncurses5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"libx32ncursesw5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"libx32tinfo5"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"ncurses-base"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"ncurses-bin"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"ncurses-examples"},{"binary_version":"5.9+20140118-1ubuntu1+esm1","binary_name":"ncurses-term"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2017-10684","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-10685","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-11112","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-11113","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13728","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13729","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13730","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13731","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13732","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13733","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13734","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5448-1.json"}},{"package":{"name":"ncurses","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/ncurses@6.0+20160213-1ubuntu1+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0+20160213-1ubuntu1+esm1"}]}],"versions":["5.9+20150516-2ubuntu1","6.0+20151024-2ubuntu1","6.0+20151024-2ubuntu2","6.0+20160213-1ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"lib32ncurses5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"lib32ncursesw5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"lib32tinfo5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"lib64ncurses5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"lib64tinfo5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"libncurses5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"libncursesw5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"libtinfo5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"libx32ncurses5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"libx32ncursesw5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"libx32tinfo5"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"ncurses-base"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"ncurses-bin"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"ncurses-examples"},{"binary_version":"6.0+20160213-1ubuntu1+esm1","binary_name":"ncurses-term"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2017-10684","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-10685","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-11112","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-11113","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13728","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13729","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13730","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13731","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13732","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13733","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2017-13734","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5448-1.json"}}],"schema_version":"1.7.5"}