Out-of-Bounds Read Vulnerability in Terminfo Library by GNU
CVE-2022-29458

7.1 HIGH

Key Information:

Vendor: GNU

CVE Published: 18 April 2022

What is CVE-2022-29458?

The vulnerability in the ncurses library is an out-of-bounds read and a segmentation violation in the 'convert_strings' function in the 'tinfo/read_entry.c' file. It affects the stability and security of software that relies on ncurses for terminal handling. Patches that address this flaw are available for versions of ncurses prior to 20220416.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
