CVE-2022-29458

Summary

CVE	CVE-2022-29458
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-04-18 21:15:00 UTC
Updated	2023-11-07 03:46:00 UTC
Description	ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Macos	All	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Application	Gnu	Ncurses	All	All	All	All
Application	Gnu	Ncurses	6.3	-	All	All

References

Reference	Source	Link	Tags
Full Disclosure: APPLE-SA-2022-10-24-2 macOS Ventura 13		seclists.org
Full Disclosure: APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13	FULLDISC	seclists.org
An illegal memory access in ncurses, tic	MISC	lists.gnu.org
About the security content of macOS Ventura 13 - Apple Support	CONFIRM	support.apple.com
Re: An illegal memory access in ncurses, tic	MISC	lists.gnu.org
[SECURITY] [DLA 3167-1] ncurses security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181173 Debian Security Update for ncurses (DLA 3167-1)
182549 Debian Security Update for ncurses (CVE-2022-29458)
199358 Ubuntu Security Notification for ncurses Vulnerabilities (USN-6099-1)
296086 Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)
354130 Amazon Linux Security Advisory for ncurses : ALAS2-2022-1893
354388 Amazon Linux Security Advisory for ncurses : ALAS2022-2022-217
354530 Amazon Linux Security Advisory for ncurses : ALAS-2022-217
354584 Amazon Linux Security Advisory for ncurses : ALAS-2022-217
355115 Amazon Linux Security Advisory for ncurses : ALAS2023-2023-023
502225 Alpine Linux Security Update for ncurses
502436 Alpine Linux Security Update for ncurses
502437 Alpine Linux Security Update for ncurses
502438 Alpine Linux Security Update for ncurses
502453 Alpine Linux Security Update for ncurses
504177 Alpine Linux Security Update for ncurses
671841 EulerOS Security Update for ncurses (EulerOS-SA-2022-1905)
671894 EulerOS Security Update for ncurses (EulerOS-SA-2022-1940)
671911 EulerOS Security Update for ncurses (EulerOS-SA-2022-2003)
671943 EulerOS Security Update for ncurses (EulerOS-SA-2022-1973)
671977 EulerOS Security Update for ncurses (EulerOS-SA-2022-2139)
672009 EulerOS Security Update for ncurses (EulerOS-SA-2022-2164)
672250 EulerOS Security Update for ncurses (EulerOS-SA-2022-2625)
752451 SUSE Enterprise Linux Security Update for ncurses (SUSE-SU-2022:2718-1)
752456 SUSE Enterprise Linux Security Update for ncurses (SUSE-SU-2022:2717-1)
900855 Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (9504)
901214 Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (9497)
902481 Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (9504-1)
905945 Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (9504-2)
906370 Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (9497-2)