There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. https://nvd.nist.gov/vuln/detail/CVE-2017-13733