{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-39537", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T02:06:42.632Z", "dateReserved": "2021-08-23T00:00:00", "datePublished": "2021-09-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-12-03T20:06:14.375502"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html"}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html"}, {"url": "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup"}, {"url": "https://support.apple.com/kb/HT213443"}, {"url": "https://support.apple.com/kb/HT213444"}, {"url": "https://support.apple.com/kb/HT213488"}, {"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Oct/41"}, {"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Oct/28"}, {"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Oct/43"}, {"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Oct/45"}, {"url": "https://security.netapp.com/advisory/ntap-20230427-0012/"}, {"name": "[debian-lts-announce] 20231203 [SECURITY] [DLA 3682-1] ncurses security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:06:42.632Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html", "tags": ["x_transferred"]}, {"url": "https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html", "tags": ["x_transferred"]}, {"url": "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213443", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213444", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213488", "tags": ["x_transferred"]}, {"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Oct/41"}, {"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Oct/28"}, {"name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Oct/43"}, {"name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Oct/45"}, {"url": "https://security.netapp.com/advisory/ntap-20230427-0012/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20231203 [SECURITY] [DLA 3682-1] ncurses security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:ncurses:*:*:*:*:*:*:*:*", "matchCriteriaId": "A503C728-34E7-46FB-B7FE-0098E21DEB95", "versionEndIncluding": "6.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "E84CE847-550E-445B-8972-2FB5BCF6B04F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:11.7:*:*:*:*:*:*:*", "matchCriteriaId": "F88F919B-09C2-433C-B416-24E3A8664045", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "669C9F3E-1DE9-4770-B611-04404D3A19D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow."}, {"lang": "es", "value": "Se ha detectado un problema en ncurses versiones hasta v6.2-1. La funci\u00f3n _nc_captoinfo en el archivo captoinfo.c presenta un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria"}], "id": "CVE-2021-39537", "lastModified": "2023-12-03T20:15:06.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-20T16:15:12.477", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Oct/28"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Oct/41"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Oct/43"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Oct/45"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230427-0012/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213443"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213444"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213488"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c", "id": "2006978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006978"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.", "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability."], "mitigation": {"lang": "en:us", "value": "Do not compile untrusted terminfo descriptions."}, "name": "CVE-2021-39537", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ncurses", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-08-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-39537\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-39537\nhttps://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html"], "statement": "Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.", "threat_severity": "Low", "upstream_fix": "ncurses 6.2.2"}