CVE-2022-29458

Опубликовано: 18 апр. 2022

Источник: redhat

CVSS3: 6.1

EPSS Низкий

Описание

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Отчет

Red Hat Product Security classifies this issue as having a Low security impact. This vulnerability is present in the tic program which is only used at build-time and does not exist in libncurses. The exploit can only be triggered if the user performs a specific action, such as processing terminfo from source to compiled form using trusted input, which limits the practical impact.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	ncurses	Not affected
Red Hat Enterprise Linux 7	ncurses	Not affected
Red Hat Enterprise Linux 8	ncurses	Not affected
Red Hat Enterprise Linux 9	ncurses	Fixed	RHSA-2025:12876	05.08.2025
Red Hat Enterprise Linux 9	ncurses	Fixed	RHSA-2025:12876	05.08.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2076483ncurses: segfaulting OOB read

EPSS

Процентиль: 6%

0.00029

Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2022-29458

CVSS3: 7.1

ubuntu

больше 3 лет назад

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

CVE-2022-29458

CVSS3: 7.1

nvd

больше 3 лет назад

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

CVE-2022-29458

CVSS3: 7.1

msrc

больше 3 лет назад

Описание отсутствует

CVE-2022-29458

CVSS3: 7.1

debian

больше 3 лет назад

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen ...

SUSE-SU-2022:2718-1

suse-cvrf

около 3 лет назад

Security update for ncurses

EPSS

Процентиль: 6%

0.00029

Низкий

6.1 Medium

CVSS3