In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
En ncurses versión 6.1, hay una desreferencia de puntero NULL en la función _nc_parse_entry del archivo parse_entry.c que conducirá a un ataque de denegación de servicio (DoS). El producto procede al path del código de desreferencia incluso después de la detección de un "carácter dudoso `*' en el campo name o alias".
Hosein Askari discovered that ncurses was incorrectly performing memory management operations when dealing with long filenames while writing structures into the file system. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Chung-Yi Lin discovered that ncurses was incorrectly handling access to invalid memory areas when parsing terminfo or termcap entries where the use-name had invalid syntax. An attacker could possibly use this issue to cause a denial of service.
