Source: ncurses
Version: 6.2+20201114-4
Tags: security

The interface functions mvprintw(3), mvwprintw(3), printw(3), wprintw(3) and _tracef(3) take a format string as input. Format strings are prone to attacks[1]. To mitigate those, modern compilers support format string attributes[2,3] to warn at compile time on misuses, e.g. specifier mismatches. In ncurses these function attributes are not enabled by default; they are only enabled when defining the macros GCC_PRINTF and GCC_SCANF. Please enable these function attributes by default, as every compiler used with Debian Bookworm should support those and they can help avoid format string vulnerabilities, e.g. [4].
Best regards,
Christian Göttsche

[1]: https://owasp.org/www-community/attacks/Format_string_attack
[2]: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#Common-Function-Attributes
[3]: https://clang.llvm.org/docs/AttributeReference.html#format
[4]: https://github.com/htop-dev/htop/commit/bfcb8ca0196eef942e6363e2fd7faa80eddec644
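The following is an added illustration of the mechanism the report refers to; it is not ncurses code and not part of the bug report. It defines a printf-style function `render` (a stand-in for printw(3), assumed here, not the real API) whose `format` attribute is gated behind a `GCC_PRINTF` macro in the way the report describes, so the compile-time check only exists when the build defines that macro. The macro name `GCC_PRINTFLIKE`, the build line and the `count_conversions` audit helper are the example's own assumptions. Compile with `cc -Wall -Wformat=2 -DGCC_PRINTF example.c` and gcc/clang warn on the unsafe call; drop `-DGCC_PRINTF` and the same source compiles silently.

```c
/* Added example, not ncurses code: a printf-style function with a format
 * attribute gated behind GCC_PRINTF, plus the vulnerable and hardened ways
 * of showing untrusted text through it.
 *
 * Build:  cc -Wall -Wformat=2 -DGCC_PRINTF example.c
 * Without -DGCC_PRINTF the attribute expands to nothing and the compiler
 * cannot flag the unsafe call below.
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the macro name mirrors the gating pattern the report describes;
 * it is defined here for the example, not taken from curses.h. */
#if defined(GCC_PRINTF) && (defined(__GNUC__) || defined(__clang__))
#define GCC_PRINTFLIKE(fmt, var) __attribute__((format(printf, fmt, var)))
#else
#define GCC_PRINTFLIKE(fmt, var) /* nothing: no compile-time checking */
#endif

/* Stand-in for printw(3): formats into out[0..n), returns the length
 * vsnprintf would have produced (or a negative value on error). */
int render(char *out, size_t n, const char *fmt, ...) GCC_PRINTFLIKE(3, 4);

int render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int written;

    va_start(ap, fmt);
    written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* VULNERABLE: attacker-controlled text becomes the format string, so "%x",
 * "%s" and "%n" in it read and write memory. With the attribute enabled,
 * -Wformat-security reports "format not a string literal and no format
 * arguments" on this call. Kept only as the 'before' form; never pass it
 * untrusted input. */
int show_untrusted_unsafe(char *out, size_t n, const char *text)
{
    return render(out, n, text);
}

/* HARDENED: the untrusted text is an argument; the format is a literal. */
int show_untrusted_safe(char *out, size_t n, const char *text)
{
    return render(out, n, "%s", text);
}

/* Audit helper: number of conversion directives in a string that is about
 * to be used as a format ("%%" is an escaped percent, not a directive).
 * A non-zero count for user-supplied text is the condition an attacker needs. */
int count_conversions(const char *s)
{
    int count = 0;

    while (*s != '\0') {
        if (*s == '%') {
            if (s[1] == '%') {      /* literal percent sign */
                s += 2;
                continue;
            }
            count++;
        }
        s++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *untrusted = "%x%x%n";   /* constructed attacker input */

    show_untrusted_safe(buf, sizeof buf, untrusted);
    printf("safe:        \"%s\"\n", buf);                 /* prints the literal text */
    printf("directives:  %d\n", count_conversions(untrusted));
    render(buf, sizeof buf, "%d items", 3);
    printf("formatted:   \"%s\"\n", buf);
    return 0;
}
```

The runtime behaviour of `show_untrusted_safe` does not change whether or not `GCC_PRINTF` is defined; what changes is whether the compiler can see, at the call in `show_untrusted_unsafe`, that a non-literal format is passed with no arguments. That is the check the report asks to have on by default.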