Screen

CVEs (8)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-5618	Hig	0.51	7.8	0.03	Mar 20, 2017	GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
CVE-2007-3048		0.03	—	0.00	Jun 5, 2007	GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
CVE-2002-1602		0.03	—	0.00	Apr 23, 2002	Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
CVE-2015-6806		0.00	—	0.01	Sep 28, 2015	The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
CVE-2009-1215		0.00	—	0.00	Apr 1, 2009	Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
CVE-2009-1214		0.00	—	0.00	Apr 1, 2009	GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
CVE-2006-4573		0.00	—	0.01	Oct 24, 2006	Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
CVE-2003-0972		0.00	—	0.01	Dec 15, 2003	Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.