CVE-2022-29458
published 2022-04-18

CVE-2022-29458: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

High 7.1 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:H

Affected

19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 13.0 | 13.0 |
| apple | macos_ventura | | |
| debian | debian_linux | | |
| debian | ncurses | < ncurses 6.3+20220423-1 (bookworm) | ncurses 6.3+20220423-1 (bookworm) |
| gnu | ncurses | < 6.3 | 6.3 |
| gnu | ncurses | | |
| gnu | ncurses | >= 0 < 6.2+20201114-2+deb11u1 | 6.2+20201114-2+deb11u1 |
| gnu | ncurses | >= 0 < 6.3+20220423-1 | 6.3+20220423-1 |
| gnu | ncurses | >= 0 < 6.3+20220423-1 | 6.3+20220423-1 |
| gnu | ncurses | >= 0 < 6.3+20220423-1 | 6.3+20220423-1 |
| gnu | ncurses | >= 0 < 6.1-1ubuntu1.18.04.1 | 6.1-1ubuntu1.18.04.1 |
| gnu | ncurses | >= 0 < 6.2-0ubuntu2.1 | 6.2-0ubuntu2.1 |
| gnu | ncurses | >= 0 < 6.3-2ubuntu0.1 | 6.3-2ubuntu0.1 |
| gnu | ncurses | >= 0 < 5.9+20140118-1ubuntu1+esm3 | 5.9+20140118-1ubuntu1+esm3 |
| gnu | ncurses | >= 0 < 5.9+20140118-1ubuntu1+esm2 | 5.9+20140118-1ubuntu1+esm2 |
| gnu | ncurses | >= 0 < 6.0+20160213-1ubuntu1+esm3 | 6.0+20160213-1ubuntu1+esm3 |
| gnu | ncurses | >= 0 < 6.0+20160213-1ubuntu1+esm2 | 6.0+20160213-1ubuntu1+esm2 |
| msrc | cbl2_ncurses_6.3-2_on_cbl_mariner_2.0 | | |
| msrc | cm1_ncurses_6.3-2_on_cbl_mariner_1.0 | | |

CVSS provenance

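| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
| osv | | 7.8 | HIGH | |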