There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses-bin 6.0 that will lead to a remote denial of service attack.