Findings for Container Security, Critical, [TheRedHatter/javagoof:Dockerfile]:Use of Externally-Controlled Format String (#1777) · Issues · Administrator / ticket

Findings for Container Security, Critical, [TheRedHatter/javagoof:Dockerfile]:Use of Externally-Controlled Format String

Created by: armorcodegithubpreprod[bot]

Findings for Container Security, Critical, [TheRedHatter/javagoof:Dockerfile]:Use of Externally-Controlled Format String

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): ><6.0+20161126-1+deb9u1
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package. See How to fix? for Debian:9 relevant versions.

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

References

CVE Details
Debian Security Tracker
Gentoo Security Advisory
RedHat Bugzilla Bug
Ubuntu CVE Tracker

Origin : null Type : null Image Id : null

Snyk Project Status: Active