CVE-2022-29458

7.1 HIGH

📋 TL;DR

CVE-2022-29458 is an out-of-bounds read vulnerability in ncurses' terminfo library that can cause segmentation faults and potentially lead to information disclosure or denial of service. This affects applications using ncurses 6.3 before patch 20220416, particularly those processing malformed terminfo entries. Systems with ncurses-based terminal applications are vulnerable.

💻 Affected Systems

Products:
  • ncurses
  • applications using ncurses library
Versions: ncurses 6.3 before patch 20220416
Operating Systems: Linux, Unix-like systems, BSD variants
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability triggers when terminfo entries are processed by the convert_strings function; an application must read malformed terminfo data to be affected.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution through memory corruption leading to complete system compromise, though this is unlikely given the nature of the vulnerability.

🟠

Likely Case

Denial of service through application crashes (segmentation faults) when processing malicious terminfo data, potentially disrupting terminal applications.

🟢

If Mitigated

Limited impact with proper input validation and sandboxing; crashes contained to affected processes without system-wide effects.

🌐 Internet-Facing: LOW - Requires specific conditions where terminfo data can be supplied externally; most internet-facing services don't expose this functionality.
🏢 Internal Only: MEDIUM - Internal applications processing user-supplied terminfo data could be vulnerable to DoS attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to supply malformed terminfo data to vulnerable applications; proof-of-concepts demonstrate crash/DoS.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ncurses 6.3 with patch 20220416 or later

Vendor Advisory: https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html

Restart Required: Yes

Instructions:

1. Update ncurses package through system package manager (apt-get update && apt-get upgrade ncurses on Debian/Ubuntu, yum update ncurses on RHEL/CentOS).
2. Recompile any statically linked applications.
3. Restart affected services using ncurses.

🔧 Temporary Workarounds

Input validation for terminfo data

linux

Implement strict validation of terminfo entries before processing

Application sandboxing

linux

Run ncurses applications with reduced privileges using containers or sandboxes

docker run --security-opt=no-new-privileges -u nobody <application>

🧯 If You Can't Patch

  • Restrict access to terminfo database directories (typically /usr/share/terminfo, /lib/terminfo)
  • Monitor for crashes in ncurses applications and implement rate limiting on terminfo processing

🔍 How to Verify

Check if Vulnerable:

Check ncurses version: dpkg -l | grep ncurses (Debian/Ubuntu) or rpm -qa | grep ncurses (RHEL/CentOS). Version should be 6.3-20220416 or later.

Check Version:

ncurses6-config --version || pkg-config --modversion ncurses

Verify Fix Applied:

Test with known malformed terminfo data; application should handle gracefully without crashing.
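
The version check above as a script, added here as an example (it is not part of the original advisory or of ncurses): it compares a reported version against the 6.3 / patch 20220416 boundary stated on this page. The function name classify_ncurses and the MAJOR.MINOR.PATCHDATE string format are assumptions; distribution packages that backport the fix may still report an older patch date, so confirm an "affected" result against the distribution's own advisory.

```shell
#!/bin/sh
# Added example, not from the advisory. classify_ncurses is a hypothetical name.
# Assumption: the version string has the form MAJOR.MINOR.PATCHDATE,
# for example 6.3.20211021 (constructed sample).
FIXED_PATCH=20220416   # patch level this page names as fixed

classify_ncurses() {
    ver=$1
    # Reject empty input and anything other than digits and dots.
    case $ver in
        ''|*[!0-9.]*) echo "unparseable"; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then echo "unparseable"; return 0; fi
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=""; fi   # no third field present

    if [ "$major.$minor" != "6.3" ]; then
        echo "out-of-scope"      # the page only describes the 6.3 series
    elif [ -z "$patch" ]; then
        echo "unknown-patch"     # 6.3 without a patch date: cannot decide
    else
        case $patch in
            *[!0-9]*) echo "unparseable"; return 0 ;;
        esac
        if [ "${#patch}" -ne 8 ]; then
            echo "unparseable"   # patch field is not a YYYYMMDD date
        elif [ "$patch" -lt "$FIXED_PATCH" ]; then
            echo "affected"
        else
            echo "fixed"
        fi
    fi
}

# Stand-alone use with the two commands from the "Check Version" step.
detected=$( { ncurses6-config --version || pkg-config --modversion ncurses; } 2>/dev/null ) || detected=""
echo "ncurses ${detected:-not found}: $(classify_ncurses "$detected")"
```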

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault (core dumped) messages in system logs
  • Application crashes with signal 11 (SIGSEGV)

Network Indicators:

  • Unusual terminfo data transfers to applications

SIEM Query:

source="syslog" AND "segmentation fault" AND ("ncurses" OR "terminfo")
