QID 671124
Date Published: 2021-11-29
QID 671124: EulerOS Security Update for ncurses (EulerOS-SA-2019-2634)
The curses library routines are a terminal-independent method of updating character screens with reasonable optimization.
The ncurses (new curses) library is a freely distributable replacement for the discontinued 4.4 BSD classic curses library.
This package contains support utilities, including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.
Security fix(es):
In ncurses 6.1, there is a null pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `* in name or alias field" detection. (CVE-2018-19211)
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17594)
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17595)
There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. (CVE-2017-13734)
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. A crafted input will lead to a remote denial of service attack. (CVE-2017-13728)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
An arbitrary attacker may exploit this vulnerability to compromise the system.
CVEs related to QID 671124
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| EulerOS-SA-2019-2634 | EulerOS V2.0SP3 | | |