CVE-2021-39537

Опубликовано: 20 сент. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Ссылки

http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
Patch
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/43
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/45
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
Exploit
Mailing List
Vendor Advisory
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
Mailing List
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230427-0012/
https://support.apple.com/kb/HT213443
Third Party Advisory
https://support.apple.com/kb/HT213444
Third Party Advisory
https://support.apple.com/kb/HT213488
Third Party Advisory
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
Patch
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/43
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/45
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
Exploit
Mailing List
Vendor Advisory
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:ncurses:*:*:*:*:*:*:*:*

Версия до 6.2.1 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:apple:mac_os_x:10.12.6:*:*:*:*:*:*:*

cpe:2.3:o:apple:macos:11.7:*:*:*:*:*:*:*

cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00365

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2021-39537

CVSS3: 8.8

ubuntu

больше 4 лет назад

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

CVE-2021-39537

CVSS3: 5.5

redhat

больше 5 лет назад

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

CVE-2021-39537

CVSS3: 8.8

msrc

больше 4 лет назад

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

CVE-2021-39537

CVSS3: 8.8

debian

больше 4 лет назад

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ...

openSUSE-SU-2021:3490-1

suse-cvrf

больше 4 лет назад

Security update for ncurses

EPSS

Процентиль: 58%

0.00365

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787