Published: 18/04/2022 Updated: 07/11/2023

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8

VMScore: 518

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

It exists that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2019-17594)

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu ncurses 6.3
gnu ncurses
apple macos
debian debian linux 10.0

Debian Bug report logs - #1009870 ncurses: CVE-2022-29458 Package: src:ncurses; Maintainer for src:ncurses is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 19 Apr 2022 15:36:01 UTC Severity: important Tags: security, upstream Found in version ncurses/63-2 Rep ...

Several security issues were fixed in ncurses ...

The ncurses package (tic) is susceptible to a heap overflow on crafted input When the terminfo entry-description compiler processes input, proper bounds checking was not enforced leading to this software flaw The highest threat from this vulnerability is system availability (CVE-2021-39537) A segmentation fault vulnerability was found in ncurses ...

ALAS-2022-217 Amazon Linux 2022 Security Advisory: ALAS-2022-217 Advisory Release Date: 2022-12-06 16:41 Pacific ...

CWE-125 https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html https://support.apple.com/kb/HT213488 https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/28 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/notices/USN-5477-1 https://nvd.nist.gov

CVE-2022-29458

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect