CVE-2022-29458: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in...
7.1
Miggo AI
Root Cause Analysis
The primary evidence for the vulnerable function convert_strings comes from the CVE description itself and the detailed ASAN crash report in the bug-ncurses mailing list archive (https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html). The stack trace pinpoints convert_strings in ncurses/tinfo/read_entry.c as the location of the segmentation fault caused by an out-of-bounds read. The subsequent patch announcement (https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00017.html) confirms that the fix added limit-checks to ncurses/tinfo/read_entry.c to handle corrupt terminfo data. The functions _nc_read_termtype and _nc_read_file_entry are identified from the same stack trace as part of the call chain leading to the vulnerable function; they read and pass along the data that triggers the out-of-bounds read in convert_strings. Confidence for convert_strings is high because it is named directly and appears in the crash data. Confidence for the other two functions is lower: they lie on the path from the input file to the bug, but are not the site of the bug itself.
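The class of limit-check described above, as an added illustration that is not ncurses code: in a compiled terminfo file each entry of the strings section is a 16-bit offset into the string table, so a routine that resolves those offsets must reject offsets at or beyond the table and strings with no terminator inside it. The function and the 0xFFFF/0xFFFE "absent"/"cancelled" markers are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical markers for "capability absent" and "cancelled" entries. */
#define STR_ABSENT    0xFFFFu
#define STR_CANCELLED 0xFFFEu

/* Resolve string-capability offsets into pointers inside `table`.
 * Returns the number of entries processed, or -1 if any offset points
 * past the table or the string it selects is not NUL-terminated within
 * the table. This is the bounds check a convert_strings-style routine
 * needs so corrupt terminfo data cannot drive reads outside the buffer. */
int resolve_strings(const uint16_t *offsets, size_t count,
                    const char *table, size_t table_len,
                    const char **out)
{
    for (size_t i = 0; i < count; i++) {
        uint16_t off = offsets[i];
        if (off == STR_ABSENT || off == STR_CANCELLED) {
            out[i] = NULL;
            continue;
        }
        if (off >= table_len)
            return -1;                     /* offset outside the table */
        /* memchr bounds the scan, so an unterminated string is a clean error */
        if (memchr(table + off, '\0', table_len - off) == NULL)
            return -1;
        out[i] = table + off;
    }
    return (int)count;
}

/* Constructed sample inputs: a well-formed table and two corrupt ones. */
int demo_well_formed(void)
{
    static const char table[] = "\a\0\r\0";           /* bel, cr */
    static const uint16_t offs[3] = { 0, 2, STR_ABSENT };
    const char *out[3];
    return resolve_strings(offs, 3, table, sizeof table, out);   /* 3 */
}

int demo_offset_past_table(void)
{
    static const char table[] = "\a\0";
    static const uint16_t offs[1] = { 40 };            /* beyond table */
    const char *out[1];
    return resolve_strings(offs, 1, table, sizeof table, out);   /* -1 */
}

int demo_unterminated(void)
{
    static const char table[3] = { 'a', 'b', 'c' };    /* no NUL */
    static const uint16_t offs[1] = { 0 };
    const char *out[1];
    return resolve_strings(offs, 1, table, sizeof table, out);   /* -1 */
}
```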