CVE-2017-11113 in ncurses

Summary

by MITRE

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

Analysis

by VulDB Data Team • 10/24/2019

The vulnerability CVE-2017-11113 represents a critical NULL pointer dereference flaw within the ncurses library version 6.0, specifically within the _nc_parse_entry function located in tinfo/parse_entry.c. This vulnerability arises from insufficient input validation when processing terminfo data structures that define terminal capabilities and behaviors. The ncurses library serves as a fundamental component for terminal handling in Unix-like systems, providing applications with a standardized interface for screen manipulation and terminal control. When applications rely on ncurses for terminal information processing, they become susceptible to this vulnerability through the manipulation of untrusted terminfo data sources.

The technical exploitation of this flaw occurs when the _nc_parse_entry function encounters malformed or specially crafted terminfo data that triggers a NULL pointer dereference during parsing operations. This function is responsible for interpreting terminal description entries stored in terminfo database files, which contain information about terminal capabilities such as cursor movements, color support, and special key sequences. The vulnerability manifests when the parsing logic fails to properly validate pointer references within the terminfo structure, leading to a crash when attempting to access a NULL memory location. This behavior constitutes a classic denial of service condition that can be triggered remotely through the manipulation of terminal description data.

From an operational perspective, this vulnerability presents significant risk to systems that utilize ncurses for terminal handling, particularly in environments where untrusted terminal data might be processed. The attack surface includes terminal emulators, text-based applications, and any software that dynamically loads terminal descriptions from external sources. The remote denial of service aspect means that adversaries could potentially disrupt services by sending maliciously crafted terminal data to applications using ncurses, causing them to crash and terminate unexpectedly. This vulnerability impacts systems across multiple operating systems including Linux distributions, BSD variants, and other Unix-like platforms where ncurses is a standard library component.

The vulnerability aligns with CWE-476, which addresses NULL Pointer Dereference conditions. From an adversary perspective, this flaw fits within the attack pattern described in MITRE ATT&CK technique T1499.004 for network denial of service attacks, where attackers exploit weaknesses in system libraries to cause service disruption. The remediation is to update to ncurses version 6.1 or later, where the parsing logic has been strengthened to validate all pointer references before dereferencing. System administrators should prioritize patching across all systems where ncurses is used, particularly server environments and applications that process untrusted terminal data. Implementing input validation controls and restricting access to terminal description files provides additional defense-in-depth against exploitation attempts.
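A host-side check for the two measures named above (upgrade to 6.1 or later, restrict access to terminal description files), as an added example that is not VulDB's or the ncurses project's code. The function names are hypothetical; it assumes `tic -V` prints `ncurses <version>` and that ncurses searches `$TERMINFO`, `$HOME/.terminfo` and `$TERMINFO_DIRS` for compiled entries.

```shell
#!/bin/sh
# Added example: not VulDB or ncurses project code. Function names are hypothetical.

# ncurses_affected VERSION
# Returns 0 if VERSION predates 6.1 (the fixed release named in the analysis),
# 1 if it is 6.1 or later, 2 if it cannot be parsed. Accepts the
# "ncurses 6.0.20170708" form printed by `tic -V`.
# Assumption: releases older than 6.0 are flagged too, although the advisory
# only names 6.0. A flagged build may still carry a backported fix, so treat
# a match as "needs review", not as proof of exposure.
ncurses_affected() {
    ver=${1#ncurses }
    case "$ver" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major$minor" in *[!0-9]*) return 2 ;; esac
    [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 1 ]; }
}

# loose_terminfo_dirs
# Prints every existing terminfo search directory taken from the environment
# that is writable by group or others, i.e. a place where another local user
# could drop a terminal description that this user's programs would parse.
loose_terminfo_dirs() {
    {
        printf '%s\n' "${TERMINFO:-}" "${HOME:-}/.terminfo"
        printf '%s\n' "${TERMINFO_DIRS:-}" | tr ':' '\n'
    } | while IFS= read -r d; do
        if [ -n "$d" ] && [ -d "$d" ] &&
           [ -n "$(find "$d" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Run both checks against the local host when invoked with --audit.
if [ "${1:-}" = "--audit" ]; then
    v=$(tic -V 2>/dev/null || true)
    if ncurses_affected "$v"; then
        echo "review: '$v' predates ncurses 6.1"
    fi
    loose_terminfo_dirs | sed 's/^/writable by group or others: /'
fi
```
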

Reservation: 07/08/2017
Disclosure: 07/08/2017
Moderation: accepted
CPE: ready
EPSS: 0.00432
KEV: no
Activities: very low
