CVE-2021-39537

CVE-2021-39537

Name

CVE-2021-39537

Description

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
MISC	https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
MISC	http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
Mailing List	http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List	http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List	http://seclists.org/fulldisclosure/2022/Oct/43
Mailing List	http://seclists.org/fulldisclosure/2022/Oct/45
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
cve@mitre.org	https://security.netapp.com/advisory/ntap-20230427-0012/
Third Party Advisory	https://support.apple.com/kb/HT213443
Third Party Advisory	https://support.apple.com/kb/HT213444
Third Party Advisory	https://support.apple.com/kb/HT213488

Type

URI

MISC

https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html

MISC

https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html

MISC

http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup

Mailing List

http://seclists.org/fulldisclosure/2022/Oct/28

Mailing List

http://seclists.org/fulldisclosure/2022/Oct/41

Mailing List

http://seclists.org/fulldisclosure/2022/Oct/43

Mailing List

http://seclists.org/fulldisclosure/2022/Oct/45

cve@mitre.org

https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html

cve@mitre.org

https://security.netapp.com/advisory/ntap-20230427-0012/

Third Party Advisory

https://support.apple.com/kb/HT213443

Third Party Advisory

https://support.apple.com/kb/HT213444

Third Party Advisory

https://support.apple.com/kb/HT213488

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnu:ncurses::::::::`	ncurses	>= None	<= 6.2.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnu:ncurses:*:*:*:*:*:*:*:*

ncurses

>= None

<= 6.2.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ncurses	edge-main	6.2_p20200530-r0	None	fixed
ncurses	edge-main	6.1_p20180414-r0	None	possibly vulnerable
ncurses	edge-main	6.0_p20171125-r0	None	possibly vulnerable
ncurses	edge-main	6.0_p20170701-r0	None	possibly vulnerable
ncurses	3.22-main	6.2_p20200530-r0	None	fixed
ncurses	3.22-main	6.1_p20180414-r0	None	possibly vulnerable
ncurses	3.22-main	6.0_p20171125-r0	None	possibly vulnerable
ncurses	3.22-main	6.0_p20170701-r0	None	possibly vulnerable
ncurses	3.21-main	6.2_p20200530-r0	None	fixed
ncurses	3.21-main	6.1_p20180414-r0	None	possibly vulnerable
ncurses	3.21-main	6.0_p20171125-r0	None	possibly vulnerable
ncurses	3.21-main	6.0_p20170701-r0	None	possibly vulnerable
ncurses	3.20-main	6.2_p20200530-r0	None	fixed
ncurses	3.20-main	6.1_p20180414-r0	None	possibly vulnerable
ncurses	3.20-main	6.0_p20171125-r0	None	possibly vulnerable
ncurses	3.20-main	6.0_p20170701-r0	None	possibly vulnerable
ncurses	3.19-main	6.2_p20200530-r0	None	fixed
ncurses	3.19-main	6.1_p20180414-r0	None	possibly vulnerable
ncurses	3.19-main	6.0_p20171125-r0	None	possibly vulnerable
ncurses	3.19-main	6.0_p20170701-r0	None	possibly vulnerable
ncurses	3.18-main	6.2_p20200530-r0	None	fixed
ncurses	3.17-main	6.2_p20200530-r0	None	fixed
ncurses	3.12-main	6.2_p20200523-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
ncurses	3.11-main	6.1_p20200118-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

ncurses

edge-main

6.2_p20200530-r0

None

fixed

ncurses

edge-main