---

CVE-2021-39537 - log back

CVE-2021-39537 edited at 04 Apr 2022 20:57:55
Type	- Arbitrary code execution + Denial of service
Description	- An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. + The ncurses package (tic) is susceptible to a heap-based buffer overflow on crafted input affecting the _nc_captoinfo function in captoinfo.c. When the terminfo entry-description compiler processes input, proper bounds checking was not enforced leading to this software flaw.
References	+ http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/Attic/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html + https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00022.html

CVE-2021-39537 edited at 21 Sep 2021 08:51:17
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
References	+ https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
Notes

CVE-2021-39537 created at 21 Sep 2021 08:50:26