Unrated severityNVD Advisory· Published Sep 20, 2021· Updated Aug 4, 2024
CVE-2021-39537
CVE-2021-39537
Description
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Affected products
14- ncurses/ncursesdescription
- osv-coords13 versionspkg:rpm/opensuse/ncurses&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/ncurses&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP2pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 6.1-lp152.8.3.1+ 12 more
- (no CPE)range: < 6.1-lp152.8.3.1
- (no CPE)range: < 6.1-5.9.1
- (no CPE)range: < 6.1-5.9.1
- (no CPE)range: < 6.1-5.9.1
- (no CPE)range: < 6.1-5.9.1
- (no CPE)range: < 6.1-5.9.1
- (no CPE)range: < 6.1-5.9.1
- (no CPE)range: < 6.1-5.9.1
- (no CPE)range: < 6.1-5.9.1
- (no CPE)range: < 6.1-5.9.1
- (no CPE)range: < 5.9-75.1
- (no CPE)range: < 5.9-75.1
- (no CPE)range: < 5.9-75.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- seclists.org/fulldisclosure/2022/Oct/28mitremailing-list
- seclists.org/fulldisclosure/2022/Oct/41mitremailing-list
- seclists.org/fulldisclosure/2022/Oct/43mitremailing-list
- seclists.org/fulldisclosure/2022/Oct/45mitremailing-list
- lists.debian.org/debian-lts-announce/2023/12/msg00004.htmlmitremailing-list
- cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.cmitre
- lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.htmlmitre
- lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.htmlmitre
- security.netapp.com/advisory/ntap-20230427-0012/mitre
- support.apple.com/kb/HT213443mitre
- support.apple.com/kb/HT213444mitre
- support.apple.com/kb/HT213488mitre
News mentions
0No linked articles in our index yet.