[Debian] CVE: CVE-2022-29458: ncurses: an out-of-bounds read

Bug #2021477 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: hqbai

Bug Description

CVE-2022-29458: https://nvd.nist.gov/vuln/detail/CVE-2022-29458

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Base Score: High

References:

https://security-tracker.debian.org/tracker/CVE-2022-29458

libncursesw5-dev_6.2+20201114-2_amd64.deb===>libncursesw5-dev_6.2+20201114-2+deb11u1_amd64.deb
libncurses6_6.2+20201114-2_amd64.deb===>libncurses6_6.2+20201114-2+deb11u1_amd64.deb
libncursesw6_6.2+20201114-2_amd64.deb===>libncursesw6_6.2+20201114-2+deb11u1_amd64.deb
libtinfo6_6.2+20201114-2_amd64.deb===>libtinfo6_6.2+20201114-2+deb11u1_amd64.deb
ncurses-base_6.2+20201114-2_all.deb===>ncurses-base_6.2+20201114-2+deb11u1_all.deb
ncurses-bin_6.2+20201114-2_amd64.deb===>ncurses-bin_6.2+20201114-2+deb11u1_amd64.deb


hqbai (hbai)
Changed in starlingx:
assignee: nobody → hqbai (hbai)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/886235

Changed in starlingx:
status: Triaged → In Progress
Ghada Khalil (gkhalil) wrote :

Marking as Fix Released. https://review.opendev.org/c/starlingx/tools/+/886235 merged on June 24.

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
