rpm package
opensuse/screen&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/screen&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46802 | Med | 6.0 | | < 4.9.1-5.1 | 4.9.1-5.1 | May 26, 2025 | For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. |
| CVE-2023-24626 | — | | | < 4.9.1-1.1 | 4.9.1-1.1 | Apr 8, 2023 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. |
| CVE-2021-26937 | — | | | < 4.9.0-1.1 | 4.9.0-1.1 | Feb 9, 2021 | encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. |
| CVE-2017-5618 | High | 7.8 | | < 4.8.0-3.17 | 4.8.0-3.17 | Mar 20, 2017 | GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. |