Out-of-Bounds Read Vulnerability in Terminfo Library by GNU
CVE-2022-29458
7.1 HIGH
Summary
The vulnerability in the ncurses library is an out-of-bounds read and segmentation violation in the 'convert_strings' function in the 'tinfo/read_entry.c' file. Software that relies on ncurses for terminal handling is exposed to both stability and security impact. Patches are available for versions of ncurses prior to 20220416.
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved