USN-5448-1

Source
https://ubuntu.com/security/notices/USN-5448-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5448-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5448-1
Upstream
Related
Published
2022-05-26T17:17:13.392171Z
Modified
2025-10-13T04:35:57Z
Summary
ncurses vulnerabilities
Details

It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. (CVE-2017-10684)

It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code. (CVE-2017-10685)

It was discovered that ncurses was incorrectly performing memory management operations and was not blocking access attempts to illegal memory locations. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-11112, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734)

It was discovered that ncurses was not properly performing checks on pointer values before attempting to access the related memory locations, which could lead to NULL pointer dereferencing. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-11113)

It was discovered that ncurses was incorrectly handling loops in libtic, which could lead to the execution of an infinite loop. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-13728)

References

Affected packages

Ubuntu:Pro:14.04:LTS / ncurses

Package

Name
ncurses
Purl
pkg:deb/ubuntu/ncurses@5.9+20140118-1ubuntu1+esm1?arch=source&distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9+20140118-1ubuntu1+esm1

Affected versions

5.*

5.9+20130608-1ubuntu1
5.9+20131221-1ubuntu1
5.9+20140118-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "lib32ncurses5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "lib32ncurses5-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "lib32ncursesw5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "lib32ncursesw5-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "lib32tinfo-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "lib32tinfo5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "lib64ncurses5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "lib64ncurses5-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "lib64tinfo5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libncurses5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libncurses5-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libncursesw5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libncursesw5-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libtinfo-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libtinfo5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libx32ncurses5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libx32ncurses5-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libx32ncursesw5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libx32ncursesw5-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libx32tinfo-dev"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "libx32tinfo5"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "ncurses-base"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "ncurses-bin"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "ncurses-examples"
        },
        {
            "binary_version": "5.9+20140118-1ubuntu1+esm1",
            "binary_name": "ncurses-term"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

{
    "cves_map": {
        "cves": [
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-10684"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-10685"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-11112"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-11113"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13728"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13729"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13730"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13731"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13732"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13733"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13734"
            }
        ],
        "ecosystem": "Ubuntu:Pro:14.04:LTS"
    }
}

Ubuntu:Pro:16.04:LTS / ncurses

Package

Name
ncurses
Purl
pkg:deb/ubuntu/ncurses@6.0+20160213-1ubuntu1+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0+20160213-1ubuntu1+esm1

Affected versions

5.*

5.9+20150516-2ubuntu1

6.*

6.0+20151024-2ubuntu1
6.0+20151024-2ubuntu2
6.0+20160213-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "lib32ncurses5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "lib32ncurses5-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "lib32ncursesw5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "lib32ncursesw5-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "lib32tinfo-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "lib32tinfo5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "lib64ncurses5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "lib64ncurses5-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "lib64tinfo5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libncurses5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libncurses5-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libncursesw5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libncursesw5-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libtinfo-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libtinfo5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libx32ncurses5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libx32ncurses5-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libx32ncursesw5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libx32ncursesw5-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libx32tinfo-dev"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "libx32tinfo5"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "ncurses-base"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "ncurses-bin"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "ncurses-examples"
        },
        {
            "binary_version": "6.0+20160213-1ubuntu1+esm1",
            "binary_name": "ncurses-term"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

{
    "cves_map": {
        "cves": [
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-10684"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-10685"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-11112"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-11113"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13728"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13729"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13730"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13731"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13732"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13733"
            },
            {
                "severity": [
                    {
                        "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                        "type": "CVSS_V3"
                    },
                    {
                        "score": "negligible",
                        "type": "Ubuntu"
                    }
                ],
                "id": "CVE-2017-13734"
            }
        ],
        "ecosystem": "Ubuntu:Pro:16.04:LTS"
    }
}