In ncurses 6.1, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. https://nvd.nist.gov/vuln/detail/CVE-2018-19217