CVE-2022-29458

Published: 4/18/2022 Last updated: 6/9/2025 Reserved: 4/18/2022

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.1	High	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Opam packages affected (6)

bap-llvm clangml conf-mingw-w64-ncurses-i686 conf-mingw-w64-ncurses-x86_64 conf-ncurses curses

Products affected (1)

Product	Vendor	Version
n/a	n/a	22.0 ap383821

References (12)

https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://support.apple.com/kb/HT213488
https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html
http://seclists.org/fulldisclosure/2022/Oct/41
http://seclists.org/fulldisclosure/2022/Oct/28
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://support.apple.com/kb/HT213488
https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html
http://seclists.org/fulldisclosure/2022/Oct/41
http://seclists.org/fulldisclosure/2022/Oct/28