There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a denial of service attack. Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1484276
Created ncurses tracking bugs for this issue: Affects: fedora-all [bug 1488923]
*** Bug 1484276 has been marked as a duplicate of this bug. ***