ncurses:Stack based buffer overflow (CVE-2017-16879)
Stack-based buffer overflow in the _nc_write_entry function in
tinfo/write_entry.c in ncurses 6.0 allows attackers
to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted terminfo file, as demonstrated by tic.
Fixed In Version:
6.0-20171125
References:
http://invisible-island.net/ncurses/NEWS.html\#t20171125
https://nvd.nist.gov/vuln/detail/CVE-2017-16879
(from redmine: issue id 8390, created on 2018-01-12, closed on 2018-01-25)
- Relations:
- child #8391 (closed)
- child #8392 (closed)
- child #8393 (closed)
- child #8394 (closed)
- child #8395 (closed)