CVE-2022-29458 | ncurses-base (CWE-125)

[ckalpakoglu]

Due Date: 0001-01-01

A low severity vulnerability has been discovered in your project.

Project Name: infra_duplicate_test

Scanner Name: trivy

Cwe ID: 125

Cwe Name: Out-of-bounds Read

Cwe Link: https://cwe.mitre.org/data/definitions/125.html

CVE ID: CVE-2022-29458

Target: ubuntu:latest (ubuntu 22.04)

Packages:

• ncurses-base : 6.3-2 - Fixed Version:

References:

• http://seclists.org/fulldisclosure/2022/Oct/41
• https://access.redhat.com/security/cve/CVE-2022-29458
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
• https://invisible-island.net/ncurses/NEWS.html#t20220416
• https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html
• https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
• https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
• https://nvd.nist.gov/vuln/detail/CVE-2022-29458
• https://support.apple.com/kb/HT213488
• https://ubuntu.com/security/notices/USN-5477-1

Tool Description: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Custom Description: test

Kondukto Link: https://82.kondukto.local/projects/636249c73ffe9321df1a2823/vulns/appsec?page=1&perPage=15&id=in:63e4e1b7ea3ee2b41b8d86ea
Deeplink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458

[ckalpakoglu]

The issue has been closed by Kondukto since it is marked as won't fix.

[ckalpakoglu]

The issue has been reopened by Kondukto since its won't fix/mitigated status has been removed.