中危 ncurses 缓冲区错误漏洞(CVE-2022-29458)
CVE编号
CVE-2022-29458利用情况
暂无补丁情况
官方补丁披露时间
2022-04-19漏洞描述
ncurses是一个字符终端处理库,它能够提供一系列函数以供用户调用并生成基于文本的用户界面。 ncurses 6.3 存在安全漏洞,该漏洞源于 在 terminfo 库的 tinfo/read_entry.c 中的 convert_strings 中存在越界读取和分段违规。解决建议
目前厂商暂未发布修复措施解决此安全问题,建议用户随时关注厂商主页或参考网址以获取解决办法:https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | gnu | ncurses | * | Up to (excluding) 6.3 | |||||
| 运行在以下环境 | |||||||||
| 应用 | gnu | ncurses | 6.3 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | ncurses | * | Up to (excluding) 6.2_p20210109-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | ncurses | * | Up to (excluding) 6.2_p20210612-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | ncurses | * | Up to (excluding) 6.3_p20211120-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.16 | ncurses | * | Up to (excluding) 6.3_p20220416-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.17 | ncurses | * | Up to (excluding) 6.3_p20220416-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.18 | ncurses | * | Up to (excluding) 6.3_p20220416-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | ncurses | * | Up to (excluding) 6.3_p20220416-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | ncurses | * | Up to (excluding) 6.0-8.20170212.amzn2.1.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2022 | ncurses | * | Up to (excluding) 6.2-4.20200222.amzn2022.0.2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2023 | ncurses | * | Up to (excluding) 6.2-4.20200222.amzn2023.0.3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | ncurses | * | Up to (excluding) 6.1+20181013-2+deb10u3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | ncurses | * | Up to (excluding) 6.2+20201114-2+deb11u1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | ncurses | * | Up to (excluding) 6.3+20220423-1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | ncurses | * | Up to (including) 6.0+20161126-1+deb9u2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | ncurses | * | Up to (excluding) 6.3+20220423-1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP1 | ncurses | * | Up to (excluding) 6.2-3.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP2 | ncurses | * | Up to (excluding) 6.2-3.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP1 | ncurses | * | Up to (excluding) 6.2-3.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP2 | ncurses | * | Up to (excluding) 6.2-3.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_5.2 | ncurses-utils | * | Up to (excluding) 6.1-150000.5.12.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.3 | ncurses-devel-32bit | * | Up to (excluding) 6.1-150000.5.12.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.4 | ncurses-devel-32bit | * | Up to (excluding) 6.1-150000.5.12.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | ncurses-devel | * | Up to (excluding) 5.9-78.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04 | ncurses | * | Up to (excluding) 6.1-1ubuntu1.18.04.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_20.04 | ncurses | * | Up to (excluding) 6.2-0ubuntu2.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_22.04 | ncurses | * | Up to (excluding) 6.3-2ubuntu0.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | unionos_d | ncurses | * | Up to (excluding) 6.1.2-deepin1 | |||||
- 攻击路径 本地
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-125 | 跨界内存读 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论