socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-04-08
Updated
2023-04-19
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
Max CVSS
9.8
EPSS Score
1.45%
Published
2021-02-09
Updated
2022-05-06
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
0.43%
Published
2020-02-24
Updated
2022-01-01
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-03-20
Updated
2020-08-24
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-04-01
Updated
2017-08-17
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-06-05
Updated
2024-03-21
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
Max CVSS
2.6
EPSS Score
3.97%
Published
2006-10-24
Updated
2011-03-08
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
Max CVSS
10.0
EPSS Score
0.28%
Published
2003-12-15
Updated
2016-10-18
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.05%
Published
2002-04-23
Updated
2017-07-11
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!