Vulnerability Details : CVE-2021-39537
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2021-39537
- cpe:2.3:o:apple:mac_os_x:10.12.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:ncurses:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-39537
- EPSS score: 0.84% (probability of exploitation activity in the next 30 days)
- Percentile: ~82% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-39537
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2021-39537
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-39537
- https://security.netapp.com/advisory/ntap-20230427-0012/
  CVE-2021-39537 GNU Ncurses Vulnerability in NetApp Products | NetApp Product Security
- https://support.apple.com/kb/HT213488
  About the security content of macOS Ventura 13 - Apple Support (Third Party Advisory)
- https://support.apple.com/kb/HT213443
  About the security content of macOS Big Sur 11.7 - Apple Support (Third Party Advisory)
- http://seclists.org/fulldisclosure/2022/Oct/45
  Full Disclosure: APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7 (Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2022/Oct/41
  Full Disclosure: APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 (Mailing List; Third Party Advisory)
- http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
  pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c - view - 1.1 (Patch; Third Party Advisory)
- http://seclists.org/fulldisclosure/2022/Oct/28
  Full Disclosure: APPLE-SA-2022-10-24-2 macOS Ventura 13 (Mailing List; Third Party Advisory)
- https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
  Re: CVE-2021-39537 (Mailing List; Vendor Advisory)
- https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
  A heap-buffer-overflow in captoinfo.c:321:12 (Exploit; Mailing List; Vendor Advisory)
- https://support.apple.com/kb/HT213444
  About the security content of macOS Monterey 12.6 - Apple Support (Third Party Advisory)
- http://seclists.org/fulldisclosure/2022/Oct/43
  Full Disclosure: APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
  [SECURITY] [DLA 3682-1] ncurses security update