CVE-2017-10685

CRITICAL

GNU Ncurses - Format String Vulnerability

Title source: rule

Description

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

References (2)

[Third Party Advisory] https://security.gentoo.org/glsa/201804-13

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1464692

Scores

CVSS v3 9.8

EPSS 0.0152

EPSS Percentile 81.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-134

Status published

Products (1)

gnu/ncurses 6.0

Published Jun 29, 2017

Tracked Since Feb 18, 2026