Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 629276 (CVE-2017-13728, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734)

Summary: <sys-libs/ncurses-6.1: multiple remote denial of service attacks (CVE-2017-{13728, 13729, 13730, 13731, 13732, 13733, 13734})
Product: Gentoo Security Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 648114    
Bug Blocks:    

Description Aleksandr Wagner (Kivak) 2017-08-29 12:26:53 UTC
CVE-2017-13728 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728):

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. 

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1484274


CVE-2017-13729 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729):

There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. 

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1484276


CVE-2017-13730 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730):

There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. 

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1484284


CVE-2017-13731 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731):

There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. 

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1484285


CVE-2017-13732 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732):

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. 

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1484287


CVE-2017-13733 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733):

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. 

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1484290


CVE-2017-13734 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734):

There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. 

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1484291
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2017-10-23 17:52:40 UTC
CVE-2017-13734 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13734):
  There is an illegal address access in the _nc_safe_strcat function in
  strings.c in ncurses 6.0 that will lead to a remote denial of service
  attack.

CVE-2017-13733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13733):
  There is an illegal address access in the fmt_entry function in
  progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
  service attack.

CVE-2017-13732 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13732):
  There is an illegal address access in the function dump_uses() in
  progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
  service attack.

CVE-2017-13731 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13731):
  There is an illegal address access in the function postprocess_termcap() in
  parse_entry.c in ncurses 6.0 that will lead to a remote denial of service
  attack.

CVE-2017-13730 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13730):
  There is an illegal address access in the function _nc_read_entry_source()
  in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service
  attack.

CVE-2017-13729 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13729):
  There is an illegal address access in the _nc_save_str function in
  alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service
  attack.

CVE-2017-13728 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13728):
  There is an infinite loop in the next_char function in comp_scan.c in
  ncurses 6.0, related to libtic. A crafted input will lead to a remote denial
  of service attack.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2018-04-17 18:20:06 UTC
This issue was resolved and addressed in
 GLSA 201804-13 at https://security.gentoo.org/glsa/201804-13
by GLSA coordinator Aaron Bauman (b-man).