Details of VAR-202204-0632

ID

VAR-202204-0632

CVE

CVE-2022-29458

TITLE

ncurses Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009766

DESCRIPTION

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. ncurses Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. (CVE-2019-17594). ========================================================================== Ubuntu Security Notice USN-6099-1 May 23, 2023 ncurses vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in ncurses. Software Description: - ncurses: shared libraries for terminal handling Details: It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17594) It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17595) It was discovered that ncurses was incorrectly handling end-of-string characters when converting between termcap and terminfo formats. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537) It was discovered that ncurses was incorrectly performing bounds checks when dealing with corrupt terminfo data while reading a terminfo file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-29458) It was discovered that ncurses was parsing environment variables when running with setuid applications and not properly handling the processing of malformed data when doing so. A local attacker could possibly use this issue to cause a denial of service (application crash) or execute arbitrary code. (CVE-2023-29491) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: lib32ncurses6 6.4-2ubuntu0.1 lib32ncursesw6 6.4-2ubuntu0.1 lib32tinfo6 6.4-2ubuntu0.1 lib64ncurses6 6.4-2ubuntu0.1 lib64ncursesw6 6.4-2ubuntu0.1 lib64tinfo6 6.4-2ubuntu0.1 libncurses5 6.4-2ubuntu0.1 libncurses6 6.4-2ubuntu0.1 libncursesw5 6.4-2ubuntu0.1 libncursesw6 6.4-2ubuntu0.1 libtinfo5 6.4-2ubuntu0.1 libtinfo6 6.4-2ubuntu0.1 ncurses-bin 6.4-2ubuntu0.1 Ubuntu 22.10: lib32ncurses6 6.3+20220423-2ubuntu0.1 lib32ncursesw6 6.3+20220423-2ubuntu0.1 lib32tinfo6 6.3+20220423-2ubuntu0.1 lib64ncurses6 6.3+20220423-2ubuntu0.1 lib64ncursesw6 6.3+20220423-2ubuntu0.1 lib64tinfo6 6.3+20220423-2ubuntu0.1 libncurses5 6.3+20220423-2ubuntu0.1 libncurses6 6.3+20220423-2ubuntu0.1 libncursesw5 6.3+20220423-2ubuntu0.1 libncursesw6 6.3+20220423-2ubuntu0.1 libtinfo5 6.3+20220423-2ubuntu0.1 libtinfo6 6.3+20220423-2ubuntu0.1 ncurses-bin 6.3+20220423-2ubuntu0.1 Ubuntu 22.04 LTS: lib32ncurses6 6.3-2ubuntu0.1 lib32ncursesw6 6.3-2ubuntu0.1 lib32tinfo6 6.3-2ubuntu0.1 lib64ncurses6 6.3-2ubuntu0.1 lib64ncursesw6 6.3-2ubuntu0.1 lib64tinfo6 6.3-2ubuntu0.1 libncurses5 6.3-2ubuntu0.1 libncurses6 6.3-2ubuntu0.1 libncursesw5 6.3-2ubuntu0.1 libncursesw6 6.3-2ubuntu0.1 libtinfo5 6.3-2ubuntu0.1 libtinfo6 6.3-2ubuntu0.1 ncurses-bin 6.3-2ubuntu0.1 Ubuntu 20.04 LTS: lib32ncurses6 6.2-0ubuntu2.1 lib32ncursesw6 6.2-0ubuntu2.1 lib32tinfo6 6.2-0ubuntu2.1 lib64ncurses6 6.2-0ubuntu2.1 lib64ncursesw6 6.2-0ubuntu2.1 lib64tinfo6 6.2-0ubuntu2.1 libncurses5 6.2-0ubuntu2.1 libncurses6 6.2-0ubuntu2.1 libncursesw5 6.2-0ubuntu2.1 libncursesw6 6.2-0ubuntu2.1 libtinfo5 6.2-0ubuntu2.1 libtinfo6 6.2-0ubuntu2.1 ncurses-bin 6.2-0ubuntu2.1 Ubuntu 18.04 LTS: lib32ncurses5 6.1-1ubuntu1.18.04.1 lib32ncursesw5 6.1-1ubuntu1.18.04.1 lib32tinfo5 6.1-1ubuntu1.18.04.1 lib64ncurses5 6.1-1ubuntu1.18.04.1 lib64tinfo5 6.1-1ubuntu1.18.04.1 libncurses5 6.1-1ubuntu1.18.04.1 libncursesw5 6.1-1ubuntu1.18.04.1 libtinfo5 6.1-1ubuntu1.18.04.1 libx32ncurses5 6.1-1ubuntu1.18.04.1 libx32ncursesw5 6.1-1ubuntu1.18.04.1 libx32tinfo5 6.1-1ubuntu1.18.04.1 ncurses-bin 6.1-1ubuntu1.18.04.1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): lib32ncurses5 6.0+20160213-1ubuntu1+esm3 lib32ncursesw5 6.0+20160213-1ubuntu1+esm3 lib32tinfo5 6.0+20160213-1ubuntu1+esm3 lib64ncurses5 6.0+20160213-1ubuntu1+esm3 lib64tinfo5 6.0+20160213-1ubuntu1+esm3 libncurses5 6.0+20160213-1ubuntu1+esm3 libncursesw5 6.0+20160213-1ubuntu1+esm3 libtinfo5 6.0+20160213-1ubuntu1+esm3 libx32ncurses5 6.0+20160213-1ubuntu1+esm3 libx32ncursesw5 6.0+20160213-1ubuntu1+esm3 libx32tinfo5 6.0+20160213-1ubuntu1+esm3 ncurses-bin 6.0+20160213-1ubuntu1+esm3 Ubuntu 14.04 LTS (Available with Ubuntu Pro): lib32ncurses5 5.9+20140118-1ubuntu1+esm3 lib32ncursesw5 5.9+20140118-1ubuntu1+esm3 lib32tinfo5 5.9+20140118-1ubuntu1+esm3 lib64ncurses5 5.9+20140118-1ubuntu1+esm3 lib64tinfo5 5.9+20140118-1ubuntu1+esm3 libncurses5 5.9+20140118-1ubuntu1+esm3 libncursesw5 5.9+20140118-1ubuntu1+esm3 libtinfo5 5.9+20140118-1ubuntu1+esm3 libx32ncurses5 5.9+20140118-1ubuntu1+esm3 libx32ncursesw5 5.9+20140118-1ubuntu1+esm3 libx32tinfo5 5.9+20140118-1ubuntu1+esm3 ncurses-bin 5.9+20140118-1ubuntu1+esm3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6099-1 CVE-2019-17594, CVE-2019-17595, CVE-2021-39537, CVE-2022-29458, CVE-2023-29491 Package Information: https://launchpad.net/ubuntu/+source/ncurses/6.4-2ubuntu0.1 https://launchpad.net/ubuntu/+source/ncurses/6.3+20220423-2ubuntu0.1 https://launchpad.net/ubuntu/+source/ncurses/6.3-2ubuntu0.1 https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1 https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1.18.04.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ncurses: Multiple Vulnerabilities Date: August 09, 2024 Bugs: #839351, #904247 ID: 202408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in ncurses, the worst of which could lead to a denial of service. Background ========= Free software emulation of curses in System V. Affected packages ================ Package Vulnerable Unaffected ----------------------- --------------- ---------------- sys-libs/ncurses < 6.4_p20230408 >= 6.4_p20230408 sys-libs/ncurses-compat < 6.4_p20240330 >= 6.4_p20240330 Description ========== Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All ncurses users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-6.4_p20230408" # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-compat-6.4_p20240330" References ========= [ 1 ] CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 [ 2 ] CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202408-19 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.07

sources: NVD: CVE-2022-29458 // JVNDB: JVNDB-2022-009766 // VULHUB: VHN-420992 // VULMON: CVE-2022-29458 // PACKETSTORM: 167488 // PACKETSTORM: 172500 // PACKETSTORM: 180043

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	13.0	Trust: 1.0
vendor:	gnu	model:	ncurses	scope:	lt	version:	6.3	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	gnu	model:	ncurses	scope:	eq	version:	6.3	Trust: 1.0
vendor:	gnu	model:	ncurses	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009766 // NVD: CVE-2022-29458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29458
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-29458
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202204-3736
value:	HIGH
Trust: 0.6
VULHUB:	VHN-420992
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-29458
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-29458
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-420992
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-29458
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29458
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-420992 // VULMON: CVE-2022-29458 // JVNDB: JVNDB-2022-009766 // CNNVD: CNNVD-202204-3736 // NVD: CVE-2022-29458

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-420992 // JVNDB: JVNDB-2022-009766 // NVD: CVE-2022-29458

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3736

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3736

PATCH

title:	HT213488	url:	https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html	Trust: 0.8
title:	Debian CVElist Bug Report Logs: ncurses: CVE-2022-29458	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=45c96f9efcbf1f005965c804ad562312	Trust: 0.1
title:	Ubuntu Security Notice: USN-5477-1: ncurses vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5477-1	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1893	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1893	Trust: 0.1
title:	Amazon Linux 2022: ALAS-2022-217	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS-2022-217	Trust: 0.1
title:	-	url:	https://github.com/adegoodyer/ubuntu	Trust: 0.1
title:	-	url:	https://github.com/adegoodyer/kubernetes-admin-toolkit	Trust: 0.1
title:	-	url:	https://github.com/oshawa-connection/vulnerableapp	Trust: 0.1

sources: VULMON: CVE-2022-29458 // JVNDB: JVNDB-2022-009766

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29458	Trust: 3.7
db:	PACKETSTORM	id:	167488	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-009766	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.5451	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5300	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3001	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3736	Trust: 0.6
db:	VULHUB	id:	VHN-420992	Trust: 0.1
db:	VULMON	id:	CVE-2022-29458	Trust: 0.1
db:	PACKETSTORM	id:	172500	Trust: 0.1
db:	PACKETSTORM	id:	180043	Trust: 0.1

sources: VULHUB: VHN-420992 // VULMON: CVE-2022-29458 // JVNDB: JVNDB-2022-009766 // PACKETSTORM: 167488 // PACKETSTORM: 172500 // PACKETSTORM: 180043 // CNNVD: CNNVD-202204-3736 // NVD: CVE-2022-29458

REFERENCES

url:	https://support.apple.com/kb/ht213488	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/oct/41	Trust: 1.8
url:	https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html	Trust: 1.8
url:	https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/oct/28	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29458	Trust: 1.1
url:	https://cxsecurity.com/cveshow/cve-2022-29458/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5451	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5300	Trust: 0.6
url:	https://vigilance.fr/vulnerability/ncurses-out-of-bounds-memory-reading-via-convert-strings-38580	Trust: 0.6
url:	https://packetstormsecurity.com/files/167488/ubuntu-security-notice-usn-5477-1.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht213488	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3001	Trust: 0.6
url:	https://ubuntu.com/security/notices/usn-5477-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17594	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17595	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39537	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2023-29491	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16879	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19211	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1.18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/ncurses/6.4-2ubuntu0.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/ncurses/6.3-2ubuntu0.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/ncurses/6.3+20220423-2ubuntu0.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-6099-1	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://security.gentoo.org/glsa/202408-19	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.2

sources: PACKETSTORM: 167488 // PACKETSTORM: 172500

SOURCES

db:	VULHUB	id:	VHN-420992
db:	VULMON	id:	CVE-2022-29458
db:	JVNDB	id:	JVNDB-2022-009766
db:	PACKETSTORM	id:	167488
db:	PACKETSTORM	id:	172500
db:	PACKETSTORM	id:	180043
db:	CNNVD	id:	CNNVD-202204-3736
db:	NVD	id:	CVE-2022-29458

LAST UPDATE DATE

2024-08-15T10:30:59.418000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420992	date:	2022-11-08T00:00:00
db:	VULMON	id:	CVE-2022-29458	date:	2022-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-009766	date:	2023-08-08T07:21:00
db:	CNNVD	id:	CNNVD-202204-3736	date:	2023-05-24T00:00:00
db:	NVD	id:	CVE-2022-29458	date:	2023-11-07T03:46:02.100

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420992	date:	2022-04-18T00:00:00
db:	VULMON	id:	CVE-2022-29458	date:	2022-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-009766	date:	2023-08-08T00:00:00
db:	PACKETSTORM	id:	167488	date:	2022-06-19T16:42:23
db:	PACKETSTORM	id:	172500	date:	2023-05-23T13:56:02
db:	PACKETSTORM	id:	180043	date:	2024-08-09T15:12:20
db:	CNNVD	id:	CNNVD-202204-3736	date:	2022-04-18T00:00:00
db:	NVD	id:	CVE-2022-29458	date:	2022-04-18T21:15:07.600