|
From: | Guruprasad Bhat |
Subject: | Re: Possible tgetstr() NULL pointer dereference |
Date: | Thu, 5 Sep 2024 00:24:32 +0530 |
This issue has already been fixed!
It was patched in the immediate next patch release: 6.4-20230615 (https://invisible-island.net/ncurses/NEWS.html#t20230615) with changes to the convert_strings
function in tinfo/read_entry.c
.
Thank you so much! That's fantastic.
I wanted to update this mail thread since the issue is mentioned in CVE-2023-45918 (https://nvd.nist.gov/vuln/detail/CVE-2023-45918) that links here. CVE gets detected by security scanner tools and people like me are then checking the status :).
Also tried the fix too for the reproduction steps, all good!
[Prev in Thread] | Current Thread | [Next in Thread] |