Headline
CVE-2022-29458: Re: An illegal memory access in ncurses, tic
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
From:
Thomas Dickey
Subject:
Re: An illegal memory access in ncurses, tic
Date:
Sat, 16 Apr 2022 19:35:09 -0400
User-agent:
Mutt/1.10.1 (2018-07-13)
On Sat, Apr 16, 2022 at 04:55:06PM -0400, Thomas Dickey wrote:
On Sat, Apr 16, 2022 at 09:19:48PM +0800, 郑晗 wrote: > Dear developers, > > I’m a security researcher and is now trying to test my new fuzzer. I’ve > just found an illegal memory access in the latest commit of ncurse, tic. > Here are the informations: > > (1) environment > Ubuntu 20.04.3 LTS > gcc 9.3.0 > ncurse latest commit 74b10d4a30eec8feb66a4b94a72da65be0048447, tag > v6_3_20220409 > > > (2) step to reproduce: > export CFLAGS="-fsanitze=address -g" > export CXXFLAGS="-fsanitize=address -g" > ./configure && make -j$(nproc) > ./prog/tic -o /dev/null $POC
I can reproduce the problem, but the command is incorrect. With that command, tic will exit (because /dev/null is not a directory) before getting into the area which produces these messages.
I have a simple fix for the immediate problem, but can see that there’s some additional (time-consuming) investigation needed.
– Thomas E. Dickey [email protected] https://invisible-island.net ftp://ftp.invisible-island.net
signature.asc
Description: PGP signature
An illegal memory access in ncurses, tic, 郑晗, 2022/04/16
- Re: An illegal memory access in ncurses, tic, Thomas Dickey, 2022/04/16
- Re: An illegal memory access in ncurses, tic, Thomas Dickey <=
- Re: An illegal memory access in ncurses, tic, 郑晗, 2022/04/17
- Re: An illegal memory access in ncurses, tic, Thomas Dickey <=
- Re: An illegal memory access in ncurses, tic, Thomas Dickey, 2022/04/16
Prev by Date: Re: An illegal memory access in ncurses, tic
Next by Date: ANN: ncurses-6.3-20220416
Previous by thread: Re: An illegal memory access in ncurses, tic
Next by thread: Re: An illegal memory access in ncurses, tic
Index(es):
- Date
- Thread