839351 – (CVE-2022-29458) <sys-libs/ncurses-6.3_p20220423: segfaulting OOB read

Bug 839351 (CVE-2022-29458) - <sys-libs/ncurses-6.3_p20220423: segfaulting OOB read

Summary: <sys-libs/ncurses-6.3_p20220423: segfaulting OOB read

Status:	IN_PROGRESS

Alias:	CVE-2022-29458

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://lists.gnu.org/archive/html/bu...
Whiteboard:	A3 [glsa?]
Keywords:

Depends on:	842648
Blocks:
	Show dependency tree

Reported:	2022-04-19 02:01 UTC by John Helmert III
Modified:	2023-10-08 08:12 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-04-19 02:01:13 UTC

CVE-2022-29458 (https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html):

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

Fixed according to [1] but I can't find a git repo.

[1] https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00018.html

Comment 1 Larry the Git Cow gentoo-dev

2022-04-28 00:46:44 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=638b787bdb4744f8ea4357388110a5c7f226e3b5

commit 638b787bdb4744f8ea4357388110a5c7f226e3b5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-04-28 00:45:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-28 00:46:37 +0000

    sys-libs/ncurses: add 6.3_p20220423{,-r1} (unkeyworded)
    
    Includes FORTIFY_SOURCE=3 (glibc-2.35 + gcc 12+ or Clang 13(?)+ needed for that,
    plus not on by default) and a buffer overflow fix too.
    
    Includes -r1 w/ dropped curses symlink too.
    
    Unkeyworded for now.
    
    Bug: https://bugs.gentoo.org/839351
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/ncurses/Manifest                        |  52 +++
 sys-libs/ncurses/ncurses-6.3_p20220423-r1.ebuild | 386 +++++++++++++++++++++++
 sys-libs/ncurses/ncurses-6.3_p20220423.ebuild    | 383 ++++++++++++++++++++++
 3 files changed, 821 insertions(+)

Comment 2 Sam James archtester

2022-04-28 01:37:08 UTC

Note that I'm stabling an earlier version in bug 841398 which doesn't fix this in order to reduce the jumps because that version has been well tested.

Then we can see about unleashing this version into ~arch.

Comment 3 Larry the Git Cow gentoo-dev

2022-05-03 02:47:00 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6b2461de765e25d009178b6c14a678eb6ed6cbf

commit a6b2461de765e25d009178b6c14a678eb6ed6cbf
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-03 02:46:48 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-03 02:46:48 +0000

    sys-libs/ncurses: keyword 6.3_p20220423
    
    Bug: https://bugs.gentoo.org/839351
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/ncurses/ncurses-6.3_p20220423.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 4 John Helmert III archtester

2022-05-14 21:38:53 UTC

Please cleanup

Comment 5 Hans de Graaff gentoo-dev

2023-10-08 08:12:09 UTC

commit 7a8c3fa265d02fa74b8881a4dca3cfeb9d8a938c
Author: Sam James <sam@gentoo.org>
Date:   Thu Jun 29 07:17:05 2023 +0100

    sys-libs/ncurses: drop 6.3_p20221203-r2