CVE-2021-39537
HIGH
ncurses < 6.2.1 - Heap-Based Buffer Overflow in _nc_captoinfo
Title source: llm
Description
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
References (12)
Core References
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/43
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/45
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
Patch, Third Party Advisory
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
Exploit, Mailing List, Vendor Advisory
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
Mailing List, Vendor Advisory
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
Third Party Advisory
https://support.apple.com/kb/HT213443
Third Party Advisory
https://support.apple.com/kb/HT213444
Third Party Advisory
https://support.apple.com/kb/HT213488
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230427-0012/
Scores
CVSS v3
8.8
EPSS
0.0037
EPSS Percentile
58.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (4)
apple/mac_os_x
10.12.6
apple/macos
11.7
apple/macos
13.0
gnu/ncurses
< 6.2.1
Published
Sep 20, 2021
Tracked Since
Feb 18, 2026