2006978 – (CVE-2021-39537) CVE-2021-39537 ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

Bug 2006978 (CVE-2021-39537) - CVE-2021-39537 ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

Summary: CVE-2021-39537 ncurses: heap-based buffer overflow in _nc_captoinfo() in capt...

Keywords:
Status:	NEW
Alias:	CVE-2021-39537
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2007372 2007373 2007374 2007620 2007633 2007637 2007638
Blocks:	2006979
TreeView+	depends on / blocked

Reported:	2021-09-22 18:47 UTC by Guilherme de Almeida Suckevicz
Modified:	2024-02-20 04:29 UTC (History)
CC List:	11 users (show)
Fixed In Version:	ncurses 6.2.2
Doc Type:	No Doc Update
Doc Text:	A heap overflow vulnerability has been found in the ncurses package, particularly in the "tic". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:
Flags:	devthomp: needinfo-

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-09-22 18:47:17 UTC

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Reference:
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html

Comment 3 devthomp 2021-09-23 18:05:20 UTC

full patch with fix:
https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443#diff-7e95c7bc5f213e9be438e69a9d5d0f261a14952bcbd692f7b9014217b8047340

Of note:
+ add a check for end-of-string in cvtchar to handle a malformed
  string in infotocap (report/testcase by "puppet-meteor").

Comment 4 juneau 2021-09-24 12:39:24 UTC

Marking managed services affected/delegated. Code is present but impact is moderate.

Note You need to log in before you can comment on or make changes to this bug.