libconfuse.so is vulnerable to denial of service. An attacker can send a malicious username
parameter to the function cfg_tilde_expand
to cause a heap-based buffer over-read, leading to an application crash.
github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
github.com/libconfuse/libconfuse/issues/163
lists.fedoraproject.org/archives/list/[email protected]/message/BSAZK4KAWRWNAFUBBXOYU3PVNH3X7226/
lists.fedoraproject.org/archives/list/[email protected]/message/EDUT2V62V2XF2IT5TJFPB6P3EQ6X5VLL/
lists.fedoraproject.org/archives/list/[email protected]/message/FJKHAPJ6AUWVP4HDGKH4M5A2XXWQI73O/