There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
Source: MITRE
Published: 2019-10-14
Updated: 2021-02-08
Type: CWE-125
Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Impact Score: 2.5
Exploitability Score: 2.8
Severity: MEDIUM