socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-04-08
Updated
2023-04-19
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
Max CVSS
9.8
EPSS Score
1.45%
Published
2021-02-09
Updated
2022-05-06
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
0.43%
Published
2020-02-24
Updated
2022-01-01
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-03-20
Updated
2020-08-24
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-04-01
Updated
2017-08-17
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-06-05
Updated
2024-04-11
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
Max CVSS
2.6
EPSS Score
3.97%
Published
2006-10-24
Updated
2011-03-08
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
Max CVSS
10.0
EPSS Score
0.28%
Published
2003-12-15
Updated
2016-10-18
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.05%
Published
2002-04-23
Updated
2017-07-11
9 vulnerabilities found