New advisory for ncurses:unsound

Author: lewismosciski

crates/ncurses/RUSTSEC-0000-0000.md

@@ -0,0 +1,31 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ncurses"
+date = "2025-10-21"
+url = "https://gist.github.com/lewismosciski/e5b5519b875ebbb3900056023ee9f128"
+informational = "unsound"
+categories = ["memory-exposure"]
+keywords = ["memory-safety", "soundness"]
+
+[affected.functions]
+"ncurses::inchnstr" = ["<=6.0.1"]
+"ncurses::inchstr" = ["<=6.0.1"]
+"ncurses::innstr" = ["<=6.0.1"]
+"ncurses::mvwinchnstr" = ["<=6.0.1"]
+"ncurses::mvwinchstr" = ["<=6.0.1"]
+"ncurses::mvwinnstr" = ["<=6.0.1"]
+"ncurses::winchnstr" = ["<=6.0.1"]
+"ncurses::winchstr" = ["<=6.0.1"]
+"ncurses::winnstr" = ["<=6.0.1"]
+"ncurses::winstr" = ["<=6.0.1"]
+
+[versions]
+patched = []
+```
+
+# Soundness issue: Uninitialized memory exposure
+
+Multiple functions improperly use `Vec::set_len()` and `String::set_len()`, setting the length to full capacity when no null terminator is found. This exposes uninitialized memory containing potentially sensitive data.
+
+The ncurses-rs repository is archived and unmaintained. Users should migrate to maintained alternatives such as `crossterm` or `termion`.