{"id":"CVE-2022-29458","details":"ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.","modified":"2026-04-10T04:47:14.360908Z","published":"2022-04-18T21:15:07.600Z","related":["CGA-pw6r-gj68-hjch","SUSE-SU-2022:2717-1","SUSE-SU-2022:2717-2","SUSE-SU-2022:2718-1","openSUSE-SU-2024:12020-1"],"references":[{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Oct/28"},{"type":"ADVISORY","url":"https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT213488"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2022/Oct/41"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html"},{"type":"EVIDENCE","url":"https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mirror/ncurses","events":[{"introduced":"0"},{"fixed":"deb0d07e8eb4803b9e9653359eab17a30d04369d"},{"introduced":"0"},{"last_affected":"deb0d07e8eb4803b9e9653359eab17a30d04369d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.3"},{"introduced":"0"},{"last_affected":"6.3-NA"}]}}],"versions":["v4.1","v4.2","v5.0","v5.1","v5.2","v5.3","v5.4","v5.5","v5.6","v5.7","v5.8","v5.9","v6.0","v6.1","v6.2","v6.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"13.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29458.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}