CVE-2023-29491
First published: Fri Apr 14 2023(Updated: )
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Credit: cve@mitre.org cve@mitre.org Jonathan Bar Or MicrosoftEmanuele Cozzi Microsoft MicrosoftMichael Pearse MicrosoftJonathan Bar Or MicrosoftEmanuele Cozzi Microsoft MicrosoftMichael Pearse MicrosoftJonathan Bar Or MicrosoftEmanuele Cozzi Microsoft MicrosoftMichael Pearse Microsoft
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <13.5 | 13.5 | |
| <12.6.8 | 12.6.8 | |
| Apple macOS Big Sur | <11.7.9 | 11.7.9 |
| GNU ncurses | <6.4 |
Remedy
http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
- http://www.openwall.com/lists/oss-security/2023/04/19/10
- http://www.openwall.com/lists/oss-security/2023/04/19/11
- https://security.netapp.com/advisory/ntap-20230517-0009/
- https://support.apple.com/kb/HT213843
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- https://www.openwall.com/lists/oss-security/2023/04/12/5
- https://www.openwall.com/lists/oss-security/2023/04/13/4
- https://support.apple.com/en-us/HT213843 (Advisory)
- https://support.apple.com/en-us/HT213845 (Advisory)
- https://support.apple.com/en-us/HT213844 (Advisory)
- http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
- https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186313
- https://access.redhat.com/errata/RHSA-2023:5249
- https://catalog.redhat.com/software/containers/ubi8/openjdk-17/618bdbf34ae3739687568813?tag=1.16-2&push_date=1690216094000
- https://catalog.redhat.com/software/containers/ubi8/openjdk-8-runtime/6048ed07dbb14c0b8248bdc4?tag=1.16-2&push_date=1690216094000
- https://access.redhat.com/errata/RHSA-2023:6698
- https://access.redhat.com/errata/RHSA-2023:7361
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2257956
- https://access.redhat.com/errata/RHSA-2024:0416
- https://bugzilla.redhat.com/show_bug.cgi?id=2191704
- https://exchange.xforce.ibmcloud.com/vulnerabilities/253259
- https://www.ibm.com/support/pages/node/7159332 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40439
- CVE-2023-38616
- CVE-2023-34425
- CVE-2023-38580
- CVE-2023-36862
- CVE-2023-32364
- CVE-2023-35983
- CVE-2023-40392
- CVE-2023-42828
- CVE-2023-34241
- CVE-2023-28319
- CVE-2023-28320
- CVE-2023-28321
- CVE-2023-28322
- CVE-2023-32416
- CVE-2023-40437
- CVE-2023-32418
- CVE-2023-36854
- CVE-2022-3970
- CVE-2023-28200
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-36495
- CVE-2023-37285
- CVE-2023-38604
- CVE-2023-32734
- CVE-2023-32441
- CVE-2023-38261
- CVE-2023-38424
- CVE-2023-38425
- CVE-2023-32381
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-38410
- CVE-2023-38606
- CVE-2023-38603
- CVE-2023-38565
- CVE-2023-38593
- CVE-2023-40440
- CVE-2023-38258
- CVE-2023-38421
- CVE-2023-1916
- CVE-2023-38571
- CVE-2023-29491
- CVE-2023-38601
- CVE-2023-32444
- CVE-2023-2953
- CVE-2023-42829
- CVE-2023-38609
- CVE-2023-38259
- CVE-2023-38564
- CVE-2023-38602
- CVE-2023-42831
- CVE-2023-32442
- CVE-2023-32443
- CVE-2023-42832
- CVE-2023-32429
- CVE-2023-1801
- CVE-2023-32654
- CVE-2023-2426
- CVE-2023-2609
- CVE-2023-2610
- CVE-2023-38608
- CVE-2023-38605
- CVE-2023-40397
- CVE-2023-38572
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-38592
- CVE-2023-38594
- CVE-2023-38595
- CVE-2023-38600
- CVE-2023-38611
- CVE-2023-37450
- CVE-2023-42866
- CVE-2023-38597
- CVE-2023-38133
- CVE-2023-40442
- CVE-2023-41990
- CVE-2023-32422
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-29491.
What is the severity of CVE-2023-29491?
The severity of CVE-2023-29491 is high (7.8).
Which software is affected by CVE-2023-29491?
The affected software includes macOS Ventura version up to 13.5, GNU ncurses version up to 6.4, macOS Big Sur version up to 11.7.9, and macOS Monterey version up to 12.6.8.
How can a local user exploit CVE-2023-29491?
A local user can exploit CVE-2023-29491 by using a setuid application and triggering security-relevant memory corruption through malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
How can I fix CVE-2023-29491?
To fix CVE-2023-29491, it is recommended to apply the necessary updates provided by the respective vendors or follow the instructions provided in their security advisories. For macOS, refer to the Apple support page for further guidance.
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/softwarecombine
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-29491
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- vendor/gnu
- canonical/gnu ncurses
- vendor/apple
- canonical/apple macos ventura
- canonical/apple macos big sur
- canonical/apple macos monterey