CVE-2021-39537

Published: 20 September 2021

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
ncurses Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Needed
	hirsute	Ignored (reached end-of-life)
	impish	Not vulnerable (6.2+20201114-2build1)
	jammy	Not vulnerable (6.3-2)
	trusty	Released (5.9+20140118-1ubuntu1+esm2)
	upstream	Released (6.2-20200531)
	xenial	Released (6.0+20160213-1ubuntu1+esm2)
	Patches: upstream: https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443

Author	Note
mdeslaur	read of size 1, DoS only

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.