[3.7] ncurses:Stack based buffer overflow (CVE-2017-16879) (#8392) · Issues · alpine / aports

[3.7] ncurses:Stack based buffer overflow (CVE-2017-16879)

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers
to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

Fixed In Version:

6.0-20171125

References:

http://invisible-island.net/ncurses/NEWS.html\#t20171125
https://nvd.nist.gov/vuln/detail/CVE-2017-16879

(from redmine: issue id 8392, created on 2018-01-12, closed on 2018-01-25)

Relations:
- parent #8390 (closed)
Changesets:
- Revision 2e8e7a0d on 2018-01-23T11:29:55Z:

main/ncurses: security upgrade to 6.0-20171125 (CVE-2017-16879)

Fixes #8392

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information