In ncurses 6.0, there is a NULL Pointer Dereference in the ncparseentry function of tinfo/parseentry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
{ "urgency": "not yet assigned" }