Out-of-Bounds Read Vulnerability in Terminfo Library by GNU
CVE-2022-29458
7.1 HIGH
What is CVE-2022-29458?
The vulnerability in the ncurses library is an out-of-bounds read and segmentation violation in the 'convert_strings' function in the 'tinfo/read_entry.c' file. It affects software that relies on ncurses for terminal handling, with potential implications for stability and security. Patches that address this flaw are available for versions of ncurses prior to 20220416.
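The following added example illustrates the bug class described above: validating string offsets from a compiled terminfo entry before they are used as pointers. It is not the ncurses code or its patch; it assumes the term(5) layout of 16-bit little-endian offsets into a string table, and resolve_strings, check_sample and the sample data are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not ncurses code): turn `count` 16-bit little-endian
 * string offsets, as laid out in term(5), into pointers into `table`.
 * Returns how many offsets were rejected as corrupt. */
int resolve_strings(const uint8_t *offs, size_t offs_len, size_t count,
                    const char *table, size_t table_size, const char **out)
{
    int rejected = 0;
    for (size_t i = 0; i < count; i++) {
        out[i] = NULL;
        if (2 * i + 2 > offs_len) {            /* offset array truncated */
            rejected++;
            continue;
        }
        uint16_t raw = (uint16_t)(offs[2 * i] | (offs[2 * i + 1] << 8));
        if (raw >= 0x8000)      /* negative: -1 absent, -2 cancelled */
            continue;           /* (any other negative is treated the same) */
        if (table == NULL || raw >= table_size) {   /* points past the table */
            rejected++;
            continue;
        }
        /* A NUL must exist inside the table, or a later strlen() reads
         * past the end of the buffer. */
        if (memchr(table + raw, '\0', table_size - raw) == NULL) {
            rejected++;
            continue;
        }
        out[i] = table + raw;
    }
    return rejected;
}

/* Constructed sample: "\033[H" is terminated, "xy" is not. */
static const char sample_table[6] = { '\033', '[', 'H', '\0', 'x', 'y' };
/* Offsets: 0 (valid), 4 (unterminated), 0xFFFF (absent), 100 (out of range). */
static const uint8_t sample_offs[8] = { 0, 0, 4, 0, 0xFF, 0xFF, 100, 0 };
const char *sample_out[4];

int check_sample(void)
{
    return resolve_strings(sample_offs, sizeof sample_offs, 4,
                           sample_table, sizeof sample_table, sample_out);
}
```

Only the first offset resolves to a pointer; the unterminated and out-of-range offsets are counted as rejected rather than dereferenced.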