[3.8] ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c. (CVE-2018-10754)
A flaw was found in ncurses before 6.1.20180414, there is a NULL Pointer
Dereference in the _nc_parse_entry function of tinfo/parse_entry.c.
It could lead to
a remote denial of service if the terminfo library code is used to
process untrusted terminfo data in which a use-name is invalid syntax.
Fixed In Version:
ncurses 6.1.20180414
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10754
(from redmine: issue id 9282, created on 2018-08-20, closed on 2018-08-22)
- Relations:
- copied_to #9281 (closed)
- parent #9281 (closed)
- Changesets:
- Revision b01bcbc9 by Natanael Copa on 2018-08-21T13:47:01Z:
main/ncurses: upgrade to 6.1_p20180818
fixes #9282