CVE-2022-29458

CWE-125 — Out-of-bounds Read10 documents9 sources

Severity

7.1HIGH

EPSS

0.0%

top 87.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos GNU Ncurses Debian Debian Linux

Timeline

PublishedApr 18

Latest updateMay 23

Description

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDgnu/ncurses< 6.3+1

▶Debianncurses< 6.2+20201114-2+deb11u1+3

▶NVDapple/macos< 13.0

Also affects: Debian Linux 10.0

🔴Vulnerability Details

GHSA

GHSA-jh4f-5j2m-4v9c: ncurses 6↗2022-04-19

▶

OSV

CVE-2022-29458: ncurses 6↗2022-04-18

▶

CVEList

CVE-2022-29458: ncurses 6↗2022-04-18

▶

📋Vendor Advisories

Ubuntu

ncurses vulnerabilities↗2023-05-23

▶

Apple

CVE-2022-29458: macOS Ventura 13↗2022-10-24

▶

Ubuntu

ncurses vulnerabilities↗2022-06-14

▶

Red Hat

ncurses: segfaulting OOB read↗2022-04-18

▶

Microsoft

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.↗2022-04-12

▶