CVE-2022-29458: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in...

The primary evidence for the vulnerable function convert_strings comes from the CVE description itself and the detailed ASAN crash report provided in the bug-ncurses mailing list archive (https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html). The stack trace pinpoints convert_strings in ncurses/tinfo/read_entry.c as the location of the segmentation fault due to an out-of-bounds read. The subsequent patch announcement (https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00017.html) confirms that a fix involving adding limit-checks was applied to ncurses/tinfo/read_entry.c to address this issue with corrupt terminfo data. The functions _nc_read_termtype and _nc_read_file_entry are identified from the same stack trace as part of the call chain leading to the vulnerable function; they process and pass the data that triggers the vulnerability in convert_strings. The confidence for convert_strings is high due to direct mention and crash data. For the other functions, confidence is lower as they are part of the exploit path but not the site of the bug itself.