Unrated severityNVD Advisory· Published Dec 15, 2003· Updated Apr 16, 2026

CVE-2003-0972

Description

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.

Affected products

GNU/Screen8 versions
cpe:2.3:a:gnu:screen:3.9.10:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:gnu:screen:3.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:screen:3.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:screen:3.9.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:screen:3.9.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:screen:3.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:screen:3.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:screen:3.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:screen:4.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2004/dsa-408nvdPatchVendor Advisory
distro.conectiva.com.br/atualizacoes/nvd
groups.yahoo.com/group/gnu-screen/message/3118nvd
marc.infonvd
secunia.com/advisories/10539nvd
www.mandriva.com/security/advisoriesnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000