[3.8] ncurses:Stack based buffer overflow (CVE-2017-16879)
Stack-based buffer overflow in the _nc_write_entry function in
tinfo/write_entry.c in ncurses 6.0 allows attackers
to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted terminfo file, as demonstrated by tic.
Fixed In Version:
6.0-20171125
References:
http://invisible-island.net/ncurses/NEWS.html\#t20171125
https://nvd.nist.gov/vuln/detail/CVE-2017-16879
(from redmine: issue id 8391, created on 2018-01-12, closed on 2018-01-25)
- Relations:
- parent #8390 (closed)
- Changesets:
- Revision 213b1c9e on 2018-01-23T11:24:08Z:
main/ncurses: security upgrade to 6.0-20171125 (CVE-2017-16879)
Fixes #8391