MNBSD-2026-18: stack-based buffer overflow in postprocess_termcap via a crafted termcap ko capability

Severity: Unknown

Affected Package: ncurses

Summary: stack-based buffer overflow in postprocess_termcap via a crafted termcap ko capability

Description

The ko capability processing loop in postprocess_termcap() copied termcap string values into a fixed buf2[MAX_TERMINFO_LENGTH] stack buffer without bounds checking, allowing a stack-based buffer overflow via a crafted termcap entry. Fixed by backporting the buffer-limit check from ncurses 6.5-20250329.

Affected Versions

ncurses

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2025-6141

Published: June 11, 2026
Last Modified: June 11, 2026