[3.5] ncurses: buffer overflow in the fmt_entry function(CVE-2017-10684, CVE-2017-10685)
CVE-2017-10684, CVE-2017-10685: In ncurses 6.0, there is a
stack-based buffer overflow in the fmt_entry function.
A crafted input will lead to a remote arbitrary code execution attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10684
Patch:
https://lists.gnu.org/archive/html/guix-commits/2017-07/msg00664.html
(from redmine: issue id 7565, created on 2017-07-20, closed on 2017-08-07)
- Relations:
- parent #7563 (closed)
- Changesets:
- Revision d5ed3d12 by Francesco Colista on 2017-08-07T15:45:50Z:
main/ncurses: fix for CVE-2017-10684 and CVE-2017-10685. Fixes #7565