There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a denial of service attack.
Created ncurses tracking bugs for this issue:
Affects: fedora-all [bug 1488923]
*** Bug 1484276 has been marked as a duplicate of this bug. ***