Open mend-bolt-for-github[bot] opened 2 years ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
CVE-2022-29458 - High Severity Vulnerability
Vulnerable Library - ncursesncurses-6.5
Gnu Distributions
Library home page: https://ftp.gnu.org/gnu/ncurses?wsslib=ncurses
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branches: stable/3.2, master
Vulnerable Source Files (2)
/contrib/ncurses/ncurses/tinfo/read_entry.c /contrib/ncurses/ncurses/tinfo/read_entry.c
Vulnerability Details
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Publish Date: 2022-04-18
URL: CVE-2022-29458
CVSS 3 Score Details (7.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: High

Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-29458
Release Date: 2022-04-18
Fix Resolution: libncurses-dev - 6.3+20220423-1;lib32ncurses-dev - 6.3+20220423-1;libtinfo6-udeb - 6.3+20220423-1;lib32ncurses5-dev - 6.3+20220423-1;lib32ncurses5 - 6.3+20220423-1;lib32ncurses6 - 6.3+20220423-1;lib64ncurses5-dev - 6.3+20220423-1;libncursesw5 - 6.3+20220423-1;libncursesw6 - 6.3+20220423-1;libncurses5-dbg - 6.3+20220423-1;libncurses5-dev - 6.3+20220423-1;libncurses6-dbg - 6.3+20220423-1;lib32tinfo-dev - 6.3+20220423-1;lib64ncurses5 - 6.3+20220423-1;lib64ncurses6 - 6.3+20220423-1;lib64ncursesw6 - 6.3+20220423-1;lib32tinfo5 - 6.3+20220423-1;lib32tinfo6 - 6.3+20220423-1;ncurses-bin - 6.3+20220423-1;ncurses-doc - 6.3+20220423-1;lib32ncursesw5-dev - 6.3+20220423-1;lib64ncurses-dev - 6.3+20220423-1;libtinfo5-dbg - 6.3+20220423-1;libtinfo6-dbg - 6.3+20220423-1;libncursesw5-dbg - 6.3+20220423-1;libncursesw5-dev - 6.3+20220423-1;libncursesw6-dbg - 6.3+20220423-1;libncursesw6-udeb - 6.3+20220423-1;libtinfo5 - 6.3+20220423-1;libtinfo6 - 6.3+20220423-1;lib64tinfo5 - 6.3+20220423-1;lib64tinfo6 - 6.3+20220423-1;libtinfo5-udeb - 6.3+20220423-1;libtinfo-dev - 6.3+20220423-1;ncurses-base - 6.3+20220423-1;ncurses-term - 6.3+20220423-1;libncurses5 - 6.3+20220423-1;libncurses6 - 6.3+20220423-1;lib32ncursesw5 - 6.3+20220423-1;lib32ncursesw6 - 6.3+20220423-1;ncurses-examples - 6.3+20220423-1