[3.7] ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c. (CVE-2018-10754) (#9283) · Issues · alpine / aports

[3.7] ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c. (CVE-2018-10754)

A flaw was found in ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to
a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax.

Fixed In Version:

ncurses 6.1.20180414

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-10754

(from redmine: issue id 9283, created on 2018-08-20, closed on 2018-08-22)

Relations:
- copied_to #9281 (closed)
- parent #9281 (closed)
Changesets:
- Revision ff4efecd by Natanael Copa on 2018-08-21T14:48:02Z:

main/ncurses: backport security fix (CVE-2018-10754)

fixes #9283

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information