[3.7] ncurses:Stack based buffer overflow (CVE-2017-16879)
Stack-based buffer overflow in the _nc_write_entry function in
tinfo/write_entry.c in ncurses 6.0 allows attackers
to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted terminfo file, as demonstrated by tic.
Fixed In Version:
6.0-20171125
References:
http://invisible-island.net/ncurses/NEWS.html\#t20171125
https://nvd.nist.gov/vuln/detail/CVE-2017-16879
(from redmine: issue id 8392, created on 2018-01-12, closed on 2018-01-25)
- Relations:
- parent #8390 (closed)
- Changesets:
- Revision 2e8e7a0d on 2018-01-23T11:29:55Z:
main/ncurses: security upgrade to 6.0-20171125 (CVE-2017-16879)
Fixes #8392