VARIoT IoT vulnerabilities database
| VAR-202204-0632 | CVE-2022-29458 | ncurses Out-of-bounds read vulnerability in |
CVSS V2: 5.8 CVSS V3: 7.1 Severity: HIGH |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. ncurses Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. (CVE-2019-17594). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ncurses: Multiple Vulnerabilities
Date: August 09, 2024
Bugs: #839351, #904247
ID: 202408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in ncurses, the worst of
which could lead to a denial of service.
Background
=========
Free software emulation of curses in System V.
Affected packages
================
Package Vulnerable Unaffected
----------------------- --------------- ----------------
sys-libs/ncurses < 6.4_p20230408 >= 6.4_p20230408
sys-libs/ncurses-compat < 6.4_p20240330 >= 6.4_p20240330
Description
==========
Multiple vulnerabilities have been discovered in ncurses. Please review
the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All ncurses users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/ncurses-6.4_p20230408"
# emerge --ask --oneshot --verbose ">=sys-libs/ncurses-compat-6.4_p20240330"
References
=========
[ 1 ] CVE-2022-29458
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
[ 2 ] CVE-2023-29491
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202408-19
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-6099-1
May 23, 2023
ncurses vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in ncurses.
Software Description:
- ncurses: shared libraries for terminal handling
Details:
It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-17594)
It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. This issue only affected
Ubuntu 18.04 LTS. (CVE-2019-17595)
It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537)
It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-29458)
It was discovered that ncurses was parsing environment variables when
running with setuid applications and not properly handling the
processing of malformed data when doing so. A local attacker could
possibly use this issue to cause a denial of service (application
crash) or execute arbitrary code. (CVE-2023-29491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
lib32ncurses6 6.4-2ubuntu0.1
lib32ncursesw6 6.4-2ubuntu0.1
lib32tinfo6 6.4-2ubuntu0.1
lib64ncurses6 6.4-2ubuntu0.1
lib64ncursesw6 6.4-2ubuntu0.1
lib64tinfo6 6.4-2ubuntu0.1
libncurses5 6.4-2ubuntu0.1
libncurses6 6.4-2ubuntu0.1
libncursesw5 6.4-2ubuntu0.1
libncursesw6 6.4-2ubuntu0.1
libtinfo5 6.4-2ubuntu0.1
libtinfo6 6.4-2ubuntu0.1
ncurses-bin 6.4-2ubuntu0.1
Ubuntu 22.10:
lib32ncurses6 6.3+20220423-2ubuntu0.1
lib32ncursesw6 6.3+20220423-2ubuntu0.1
lib32tinfo6 6.3+20220423-2ubuntu0.1
lib64ncurses6 6.3+20220423-2ubuntu0.1
lib64ncursesw6 6.3+20220423-2ubuntu0.1
lib64tinfo6 6.3+20220423-2ubuntu0.1
libncurses5 6.3+20220423-2ubuntu0.1
libncurses6 6.3+20220423-2ubuntu0.1
libncursesw5 6.3+20220423-2ubuntu0.1
libncursesw6 6.3+20220423-2ubuntu0.1
libtinfo5 6.3+20220423-2ubuntu0.1
libtinfo6 6.3+20220423-2ubuntu0.1
ncurses-bin 6.3+20220423-2ubuntu0.1
Ubuntu 22.04 LTS:
lib32ncurses6 6.3-2ubuntu0.1
lib32ncursesw6 6.3-2ubuntu0.1
lib32tinfo6 6.3-2ubuntu0.1
lib64ncurses6 6.3-2ubuntu0.1
lib64ncursesw6 6.3-2ubuntu0.1
lib64tinfo6 6.3-2ubuntu0.1
libncurses5 6.3-2ubuntu0.1
libncurses6 6.3-2ubuntu0.1
libncursesw5 6.3-2ubuntu0.1
libncursesw6 6.3-2ubuntu0.1
libtinfo5 6.3-2ubuntu0.1
libtinfo6 6.3-2ubuntu0.1
ncurses-bin 6.3-2ubuntu0.1
Ubuntu 20.04 LTS:
lib32ncurses6 6.2-0ubuntu2.1
lib32ncursesw6 6.2-0ubuntu2.1
lib32tinfo6 6.2-0ubuntu2.1
lib64ncurses6 6.2-0ubuntu2.1
lib64ncursesw6 6.2-0ubuntu2.1
lib64tinfo6 6.2-0ubuntu2.1
libncurses5 6.2-0ubuntu2.1
libncurses6 6.2-0ubuntu2.1
libncursesw5 6.2-0ubuntu2.1
libncursesw6 6.2-0ubuntu2.1
libtinfo5 6.2-0ubuntu2.1
libtinfo6 6.2-0ubuntu2.1
ncurses-bin 6.2-0ubuntu2.1
Ubuntu 18.04 LTS:
lib32ncurses5 6.1-1ubuntu1.18.04.1
lib32ncursesw5 6.1-1ubuntu1.18.04.1
lib32tinfo5 6.1-1ubuntu1.18.04.1
lib64ncurses5 6.1-1ubuntu1.18.04.1
lib64tinfo5 6.1-1ubuntu1.18.04.1
libncurses5 6.1-1ubuntu1.18.04.1
libncursesw5 6.1-1ubuntu1.18.04.1
libtinfo5 6.1-1ubuntu1.18.04.1
libx32ncurses5 6.1-1ubuntu1.18.04.1
libx32ncursesw5 6.1-1ubuntu1.18.04.1
libx32tinfo5 6.1-1ubuntu1.18.04.1
ncurses-bin 6.1-1ubuntu1.18.04.1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 6.0+20160213-1ubuntu1+esm3
lib32ncursesw5 6.0+20160213-1ubuntu1+esm3
lib32tinfo5 6.0+20160213-1ubuntu1+esm3
lib64ncurses5 6.0+20160213-1ubuntu1+esm3
lib64tinfo5 6.0+20160213-1ubuntu1+esm3
libncurses5 6.0+20160213-1ubuntu1+esm3
libncursesw5 6.0+20160213-1ubuntu1+esm3
libtinfo5 6.0+20160213-1ubuntu1+esm3
libx32ncurses5 6.0+20160213-1ubuntu1+esm3
libx32ncursesw5 6.0+20160213-1ubuntu1+esm3
libx32tinfo5 6.0+20160213-1ubuntu1+esm3
ncurses-bin 6.0+20160213-1ubuntu1+esm3
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 5.9+20140118-1ubuntu1+esm3
lib32ncursesw5 5.9+20140118-1ubuntu1+esm3
lib32tinfo5 5.9+20140118-1ubuntu1+esm3
lib64ncurses5 5.9+20140118-1ubuntu1+esm3
lib64tinfo5 5.9+20140118-1ubuntu1+esm3
libncurses5 5.9+20140118-1ubuntu1+esm3
libncursesw5 5.9+20140118-1ubuntu1+esm3
libtinfo5 5.9+20140118-1ubuntu1+esm3
libx32ncurses5 5.9+20140118-1ubuntu1+esm3
libx32ncursesw5 5.9+20140118-1ubuntu1+esm3
libx32tinfo5 5.9+20140118-1ubuntu1+esm3
ncurses-bin 5.9+20140118-1ubuntu1+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6099-1
CVE-2019-17594, CVE-2019-17595, CVE-2021-39537, CVE-2022-29458,
CVE-2023-29491
Package Information:
https://launchpad.net/ubuntu/+source/ncurses/6.4-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ncurses/6.3+20220423-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ncurses/6.3-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1
https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1.18.04.1
| VAR-202204-2134 | No CVE | Command Execution Vulnerability in TOTOLINK N600R Router |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
TOTOLINK N600R is a wireless router.
The TOTOLINK N600R router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202204-2136 | No CVE | A stack overflow vulnerability exists in the TL-WDR7660 of Pulian Technology Co., Ltd. (CNVD-2022-21792) |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
TL-WDR7660 is a router.
The TL-WDR7660 of Pulian Technology Co., Ltd. has a stack overflow vulnerability, which can be exploited by attackers to gain server privileges.
| VAR-202204-2135 | No CVE | A stack overflow vulnerability exists in the TL-WDR7660 of Pulian Technology Co., Ltd. |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
TL-WDR7660 is a router.
The TL-WDR7660 of Pulian Technology Co., Ltd. has a stack overflow vulnerability, and attackers can use this vulnerability to gain server privileges.
| VAR-202204-1613 | CVE-2022-20739 | Cisco SD-WAN vManage Software Vulnerability in privilege management in |
CVSS V2: 8.5 CVSS V3: 7.3 Severity: HIGH |
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user. Cisco SD-WAN vManage Software Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202204-0844 | CVE-2022-28049 | NGINX NJS In NULL Pointer dereference vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. NGINX NJS for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx company in the United States. An attacker could exploit this vulnerability to crash the program
| VAR-202204-2139 | No CVE | Command Execution Vulnerability in TOTOLINK A850R |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The A850R is a gigabit dual-band wireless router.
TOTOLINK A850R has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
| VAR-202204-0246 | CVE-2022-20661 | Cisco Catalyst Digital Building series switch and Cisco Catalyst Initialization Vulnerability in Microswitch |
CVSS V2: 4.9 CVSS V3: 4.6 Severity: MEDIUM |
Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory
| VAR-202204-0845 | CVE-2022-20747 | Cisco SD-WAN vManage Software Vulnerability in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access. Cisco SD-WAN vManage Software Exists in unspecified vulnerabilities.Information may be obtained
| VAR-202204-0846 | CVE-2022-20735 | Cisco SD-WAN vManage Software Cross-site request forgery vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco
| VAR-202204-0835 | CVE-2022-27188 | of Yokogawa Electric Corporation b/m9000 vp and centum vp In OS Command injection vulnerability |
CVSS V2: 4.4 CVSS V3: 7.8 Severity: HIGH |
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. (DoS) It may be in a state
| VAR-202204-0640 | CVE-2022-20622 | Catalyst Access Points Software Vulnerability in resource allocation without restrictions or throttling in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload. Catalyst Access Points Software Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. Cisco Embedded Wireless Controller is a wireless access device of Cisco (Cisco) in the United States
| VAR-202204-0836 | CVE-2022-26034 | of Yokogawa Electric Corporation b/m9000 vp and centum vp Authentication vulnerability in |
CVSS V2: 5.8 CVSS V3: 9.1 Severity: CRITICAL |
Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server
| VAR-202204-0254 | CVE-2022-27008 | nginx njs Classic buffer overflow vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. nginx njs Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202204-1617 | CVE-2022-27007 | nginx njs Vulnerability in using free memory in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). nginx njs Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202204-1570 | CVE-2022-22195 | Juniper Networks Junos OS Evolved Security hole |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS
| VAR-202204-0229 | CVE-2022-26516 | Red Lion Controls, Inc. of da50n Insufficient validation of data authenticity in firmware vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment. Red Lion Controls, Inc. of da50n Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
A data forgery issue vulnerability exists in the Red Lion DA50N. No detailed vulnerability details are currently provided
| VAR-202204-0257 | CVE-2022-26507 | AT&T Labs Xmill Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
| VAR-202204-0646 | CVE-2022-22189 | Juniper Networks Contrail Service Orchestration Vulnerability in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0. (DoS) It may be in a state
| VAR-202204-0228 | CVE-2022-27179 | Red Lion Controls, Inc. of da50n Insufficient Credential Protection Vulnerability in Firmware |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised. Red Lion Controls, Inc. of da50n A firmware vulnerability related to insufficient protection of credentials exists.Information may be obtained