CVE-2021-39537 - log

CVE-2021-39537 edited at 04 Apr 2022 20:57:55
Type
- Arbitrary code execution
+ Denial of service
Description
- An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
+ The ncurses package (tic) is susceptible to a heap-based buffer overflow on crafted input affecting the _nc_captoinfo function in captoinfo.c. When the terminfo entry-description compiler processes input, proper bounds checking was not enforced leading to this software flaw.
References
+ http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/Attic/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
+ https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00022.html
CVE-2021-39537 edited at 21 Sep 2021 08:51:17
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
References
+ https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
Notes
CVE-2021-39537 created at 21 Sep 2021 08:50:26