ID

VAR-202204-0632


CVE

CVE-2022-29458


TITLE

ncurses  Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009766

DESCRIPTION

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. ncurses Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. (CVE-2019-17594). ========================================================================== Ubuntu Security Notice USN-6099-1 May 23, 2023 ncurses vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in ncurses. Software Description: - ncurses: shared libraries for terminal handling Details: It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17594) It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17595) It was discovered that ncurses was incorrectly handling end-of-string characters when converting between termcap and terminfo formats. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537) It was discovered that ncurses was incorrectly performing bounds checks when dealing with corrupt terminfo data while reading a terminfo file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-29458) It was discovered that ncurses was parsing environment variables when running with setuid applications and not properly handling the processing of malformed data when doing so. A local attacker could possibly use this issue to cause a denial of service (application crash) or execute arbitrary code. (CVE-2023-29491) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: lib32ncurses6 6.4-2ubuntu0.1 lib32ncursesw6 6.4-2ubuntu0.1 lib32tinfo6 6.4-2ubuntu0.1 lib64ncurses6 6.4-2ubuntu0.1 lib64ncursesw6 6.4-2ubuntu0.1 lib64tinfo6 6.4-2ubuntu0.1 libncurses5 6.4-2ubuntu0.1 libncurses6 6.4-2ubuntu0.1 libncursesw5 6.4-2ubuntu0.1 libncursesw6 6.4-2ubuntu0.1 libtinfo5 6.4-2ubuntu0.1 libtinfo6 6.4-2ubuntu0.1 ncurses-bin 6.4-2ubuntu0.1 Ubuntu 22.10: lib32ncurses6 6.3+20220423-2ubuntu0.1 lib32ncursesw6 6.3+20220423-2ubuntu0.1 lib32tinfo6 6.3+20220423-2ubuntu0.1 lib64ncurses6 6.3+20220423-2ubuntu0.1 lib64ncursesw6 6.3+20220423-2ubuntu0.1 lib64tinfo6 6.3+20220423-2ubuntu0.1 libncurses5 6.3+20220423-2ubuntu0.1 libncurses6 6.3+20220423-2ubuntu0.1 libncursesw5 6.3+20220423-2ubuntu0.1 libncursesw6 6.3+20220423-2ubuntu0.1 libtinfo5 6.3+20220423-2ubuntu0.1 libtinfo6 6.3+20220423-2ubuntu0.1 ncurses-bin 6.3+20220423-2ubuntu0.1 Ubuntu 22.04 LTS: lib32ncurses6 6.3-2ubuntu0.1 lib32ncursesw6 6.3-2ubuntu0.1 lib32tinfo6 6.3-2ubuntu0.1 lib64ncurses6 6.3-2ubuntu0.1 lib64ncursesw6 6.3-2ubuntu0.1 lib64tinfo6 6.3-2ubuntu0.1 libncurses5 6.3-2ubuntu0.1 libncurses6 6.3-2ubuntu0.1 libncursesw5 6.3-2ubuntu0.1 libncursesw6 6.3-2ubuntu0.1 libtinfo5 6.3-2ubuntu0.1 libtinfo6 6.3-2ubuntu0.1 ncurses-bin 6.3-2ubuntu0.1 Ubuntu 20.04 LTS: lib32ncurses6 6.2-0ubuntu2.1 lib32ncursesw6 6.2-0ubuntu2.1 lib32tinfo6 6.2-0ubuntu2.1 lib64ncurses6 6.2-0ubuntu2.1 lib64ncursesw6 6.2-0ubuntu2.1 lib64tinfo6 6.2-0ubuntu2.1 libncurses5 6.2-0ubuntu2.1 libncurses6 6.2-0ubuntu2.1 libncursesw5 6.2-0ubuntu2.1 libncursesw6 6.2-0ubuntu2.1 libtinfo5 6.2-0ubuntu2.1 libtinfo6 6.2-0ubuntu2.1 ncurses-bin 6.2-0ubuntu2.1 Ubuntu 18.04 LTS: lib32ncurses5 6.1-1ubuntu1.18.04.1 lib32ncursesw5 6.1-1ubuntu1.18.04.1 lib32tinfo5 6.1-1ubuntu1.18.04.1 lib64ncurses5 6.1-1ubuntu1.18.04.1 lib64tinfo5 6.1-1ubuntu1.18.04.1 libncurses5 6.1-1ubuntu1.18.04.1 libncursesw5 6.1-1ubuntu1.18.04.1 libtinfo5 6.1-1ubuntu1.18.04.1 libx32ncurses5 6.1-1ubuntu1.18.04.1 libx32ncursesw5 6.1-1ubuntu1.18.04.1 libx32tinfo5 6.1-1ubuntu1.18.04.1 ncurses-bin 6.1-1ubuntu1.18.04.1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): lib32ncurses5 6.0+20160213-1ubuntu1+esm3 lib32ncursesw5 6.0+20160213-1ubuntu1+esm3 lib32tinfo5 6.0+20160213-1ubuntu1+esm3 lib64ncurses5 6.0+20160213-1ubuntu1+esm3 lib64tinfo5 6.0+20160213-1ubuntu1+esm3 libncurses5 6.0+20160213-1ubuntu1+esm3 libncursesw5 6.0+20160213-1ubuntu1+esm3 libtinfo5 6.0+20160213-1ubuntu1+esm3 libx32ncurses5 6.0+20160213-1ubuntu1+esm3 libx32ncursesw5 6.0+20160213-1ubuntu1+esm3 libx32tinfo5 6.0+20160213-1ubuntu1+esm3 ncurses-bin 6.0+20160213-1ubuntu1+esm3 Ubuntu 14.04 LTS (Available with Ubuntu Pro): lib32ncurses5 5.9+20140118-1ubuntu1+esm3 lib32ncursesw5 5.9+20140118-1ubuntu1+esm3 lib32tinfo5 5.9+20140118-1ubuntu1+esm3 lib64ncurses5 5.9+20140118-1ubuntu1+esm3 lib64tinfo5 5.9+20140118-1ubuntu1+esm3 libncurses5 5.9+20140118-1ubuntu1+esm3 libncursesw5 5.9+20140118-1ubuntu1+esm3 libtinfo5 5.9+20140118-1ubuntu1+esm3 libx32ncurses5 5.9+20140118-1ubuntu1+esm3 libx32ncursesw5 5.9+20140118-1ubuntu1+esm3 libx32tinfo5 5.9+20140118-1ubuntu1+esm3 ncurses-bin 5.9+20140118-1ubuntu1+esm3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6099-1 CVE-2019-17594, CVE-2019-17595, CVE-2021-39537, CVE-2022-29458, CVE-2023-29491 Package Information: https://launchpad.net/ubuntu/+source/ncurses/6.4-2ubuntu0.1 https://launchpad.net/ubuntu/+source/ncurses/6.3+20220423-2ubuntu0.1 https://launchpad.net/ubuntu/+source/ncurses/6.3-2ubuntu0.1 https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1 https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1.18.04.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ncurses: Multiple Vulnerabilities Date: August 09, 2024 Bugs: #839351, #904247 ID: 202408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in ncurses, the worst of which could lead to a denial of service. Background ========= Free software emulation of curses in System V. Affected packages ================ Package Vulnerable Unaffected ----------------------- --------------- ---------------- sys-libs/ncurses < 6.4_p20230408 >= 6.4_p20230408 sys-libs/ncurses-compat < 6.4_p20240330 >= 6.4_p20240330 Description ========== Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All ncurses users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-6.4_p20230408" # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-compat-6.4_p20240330" References ========= [ 1 ] CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 [ 2 ] CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202408-19 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.07

sources: NVD: CVE-2022-29458 // JVNDB: JVNDB-2022-009766 // VULHUB: VHN-420992 // VULMON: CVE-2022-29458 // PACKETSTORM: 167488 // PACKETSTORM: 172500 // PACKETSTORM: 180043

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:13.0

Trust: 1.0

vendor:gnumodel:ncursesscope:ltversion:6.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:gnumodel:ncursesscope:eqversion:6.3

Trust: 1.0

vendor:gnumodel:ncursesscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009766 // NVD: CVE-2022-29458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29458
value: HIGH

Trust: 1.0

NVD: CVE-2022-29458
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-3736
value: HIGH

Trust: 0.6

VULHUB: VHN-420992
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-29458
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-29458
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-420992
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-29458
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-29458
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-420992 // VULMON: CVE-2022-29458 // JVNDB: JVNDB-2022-009766 // CNNVD: CNNVD-202204-3736 // NVD: CVE-2022-29458

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-420992 // JVNDB: JVNDB-2022-009766 // NVD: CVE-2022-29458

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3736

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3736

PATCH

title:HT213488url:https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html

Trust: 0.8

title:Debian CVElist Bug Report Logs: ncurses: CVE-2022-29458url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=45c96f9efcbf1f005965c804ad562312

Trust: 0.1

title:Ubuntu Security Notice: USN-5477-1: ncurses vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5477-1

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1893url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1893

Trust: 0.1

title:Amazon Linux 2022: ALAS-2022-217url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS-2022-217

Trust: 0.1

title: - url:https://github.com/adegoodyer/ubuntu

Trust: 0.1

title: - url:https://github.com/adegoodyer/kubernetes-admin-toolkit

Trust: 0.1

title: - url:https://github.com/oshawa-connection/vulnerableapp

Trust: 0.1

sources: VULMON: CVE-2022-29458 // JVNDB: JVNDB-2022-009766

EXTERNAL IDS

db:NVDid:CVE-2022-29458

Trust: 3.7

db:PACKETSTORMid:167488

Trust: 0.8

db:JVNDBid:JVNDB-2022-009766

Trust: 0.8

db:AUSCERTid:ESB-2022.5451

Trust: 0.6

db:AUSCERTid:ESB-2022.5300

Trust: 0.6

db:AUSCERTid:ESB-2023.3001

Trust: 0.6

db:CNNVDid:CNNVD-202204-3736

Trust: 0.6

db:VULHUBid:VHN-420992

Trust: 0.1

db:VULMONid:CVE-2022-29458

Trust: 0.1

db:PACKETSTORMid:172500

Trust: 0.1

db:PACKETSTORMid:180043

Trust: 0.1

sources: VULHUB: VHN-420992 // VULMON: CVE-2022-29458 // JVNDB: JVNDB-2022-009766 // PACKETSTORM: 167488 // PACKETSTORM: 172500 // PACKETSTORM: 180043 // CNNVD: CNNVD-202204-3736 // NVD: CVE-2022-29458

REFERENCES

url:https://support.apple.com/kb/ht213488

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/oct/41

Trust: 1.8

url:https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html

Trust: 1.8

url:https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/oct/28

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29458

Trust: 1.1

url:https://cxsecurity.com/cveshow/cve-2022-29458/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5451

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://vigilance.fr/vulnerability/ncurses-out-of-bounds-memory-reading-via-convert-strings-38580

Trust: 0.6

url:https://packetstormsecurity.com/files/167488/ubuntu-security-notice-usn-5477-1.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213488

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3001

Trust: 0.6

url:https://ubuntu.com/security/notices/usn-5477-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-39537

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-29491

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-16879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19211

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ncurses/6.4-2ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ncurses/6.3-2ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ncurses/6.3+20220423-2ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6099-1

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://security.gentoo.org/glsa/202408-19

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULHUB: VHN-420992 // VULMON: CVE-2022-29458 // JVNDB: JVNDB-2022-009766 // PACKETSTORM: 167488 // PACKETSTORM: 172500 // PACKETSTORM: 180043 // CNNVD: CNNVD-202204-3736 // NVD: CVE-2022-29458

CREDITS

Ubuntu

Trust: 0.2

sources: PACKETSTORM: 167488 // PACKETSTORM: 172500

SOURCES

db:VULHUBid:VHN-420992
db:VULMONid:CVE-2022-29458
db:JVNDBid:JVNDB-2022-009766
db:PACKETSTORMid:167488
db:PACKETSTORMid:172500
db:PACKETSTORMid:180043
db:CNNVDid:CNNVD-202204-3736
db:NVDid:CVE-2022-29458

LAST UPDATE DATE

2024-08-15T10:30:59.418000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-420992date:2022-11-08T00:00:00
db:VULMONid:CVE-2022-29458date:2022-11-08T00:00:00
db:JVNDBid:JVNDB-2022-009766date:2023-08-08T07:21:00
db:CNNVDid:CNNVD-202204-3736date:2023-05-24T00:00:00
db:NVDid:CVE-2022-29458date:2023-11-07T03:46:02.100

SOURCES RELEASE DATE

db:VULHUBid:VHN-420992date:2022-04-18T00:00:00
db:VULMONid:CVE-2022-29458date:2022-04-18T00:00:00
db:JVNDBid:JVNDB-2022-009766date:2023-08-08T00:00:00
db:PACKETSTORMid:167488date:2022-06-19T16:42:23
db:PACKETSTORMid:172500date:2023-05-23T13:56:02
db:PACKETSTORMid:180043date:2024-08-09T15:12:20
db:CNNVDid:CNNVD-202204-3736date:2022-04-18T00:00:00
db:NVDid:CVE-2022-29458date:2022-04-18T21:15:07.600