Null pointer dereference in ncurses (Alpine package)

1) Null pointer dereference

EUVDB-ID: #VU13374

Risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-10754

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper parsing of terminfo files by the _nc_write_entry function, as defined in the tinfo/parse_entry.c source code file. A remote attacker can trick the victim into open a terminfo file that submits malicious input, trigger a NULL pointer dereference condition and cause the application to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ncurses (Alpine package): 5.9-r0 - 6.0_p20171125-r0

CPE2.3

• cpe:2.3:o:alpine:ncurses_alpine_package:5.9-r0:*:*:*:*:alpine_linux:*:2.2
• cpe:2.3:o:alpine:ncurses_alpine_package:6.0_p20171125-r0:*:*:*:*:alpine_linux:*:3.4

External links

https://git.alpinelinux.org/aports/commit/?id=6c94a4c642c0fc71be234b0a1be81290f2c6fd54
https://git.alpinelinux.org/aports/commit/?id=d510fa929a7f6ede654295930273de33fd0e9b15
https://git.alpinelinux.org/aports/commit/?id=ff4efecdcffad26aa12170ab4e4b867f8f1d4c62
https://git.alpinelinux.org/aports/commit/?id=b01bcbc9705e0ad4e6778c0a34ed376300577bbc
https://git.alpinelinux.org/aports/commit/?id=f303e294fb206385ed1e11fd5188e7d2e6629b62

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.