CVE-2022-29458: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in...

CVSS Score: 7.1 (CVSS 3.1)

Basic Information

EPSS Score: 0.06413%
Published: 4/19/2022
Updated: 1/30/2023
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Vulnerability Intelligence
Root Cause Analysis

The primary evidence identifying convert_strings as the vulnerable function comes from the CVE description itself and from the detailed ASAN crash report in the bug-ncurses mailing list archive (https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html). The stack trace pinpoints convert_strings in ncurses/tinfo/read_entry.c as the location of the segmentation fault caused by an out-of-bounds read. The subsequent patch announcement (https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00017.html) confirms that the fix added limit-checks to ncurses/tinfo/read_entry.c to guard against corrupt terminfo data. The functions _nc_read_termtype and _nc_read_file_entry appear in the same stack trace as part of the call chain leading to the vulnerable function; they process and pass along the data that triggers the vulnerability in convert_strings. Confidence for convert_strings is high because it is named directly and supported by the crash data. Confidence for the other functions is lower: they are part of the exploit path but not the site of the bug itself.
