In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
En ncurses 6.0, hay una vulnerabilidad de cadena de formato en la función fmt_entry. Se podría realizar un ataque de ejecución remota de código arbitrario con una entrada especialmente manipulada.
It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code.
