Headline
CVE-2022-29458: Re: An illegal memory access in ncurses, tic
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
From: Thomas Dickey
Subject: Re: An illegal memory access in ncurses, tic
Date: Sat, 16 Apr 2022 19:35:09 -0400
User-agent: Mutt/1.10.1 (2018-07-13)
On Sat, Apr 16, 2022 at 04:55:06PM -0400, Thomas Dickey wrote:
On Sat, Apr 16, 2022 at 09:19:48PM +0800, 郑晗 wrote:
> Dear developers,
>
> I’m a security researcher and am now trying to test my new fuzzer. I’ve
> just found an illegal memory access in the latest commit of ncurses, tic.
> Here is the information:
>
> (1) environment
> Ubuntu 20.04.3 LTS
> gcc 9.3.0
> ncurses latest commit 74b10d4a30eec8feb66a4b94a72da65be0048447, tag
> v6_3_20220409
>
>
> (2) step to reproduce:
> export CFLAGS="-fsanitize=address -g"
> export CXXFLAGS="-fsanitize=address -g"
> ./configure && make -j$(nproc)
> ./prog/tic -o /dev/null $POC
I can reproduce the problem, but the command is incorrect. With that command, tic will exit (because /dev/null is not a directory) before getting into the area which produces these messages.
I have a simple fix for the immediate problem, but can see that there’s some additional (time-consuming) investigation needed.
--
Thomas E. Dickey
https://invisible-island.net
ftp://ftp.invisible-island.net
Related news
Gentoo Linux Security Advisory 202408-19 - Multiple vulnerabilities have been discovered in ncurses, the worst of which could lead to a denial of service. Versions greater than or equal to 6.4_p20230408 are affected.
Ubuntu Security Notice 6099-1 - It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.
Ubuntu Security Notice 5477-1 - Hosein Askari discovered that ncurses was incorrectly performing memory management operations when dealing with long filenames while writing structures into the file system. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Chung-Yi Lin discovered that ncurses was incorrectly handling access to invalid memory areas when parsing terminfo or termcap entries where the use-name had invalid syntax. An attacker could possibly use this issue to cause a denial of service.