{ "version": "1", "package": [ { "name": "screen", "layer": "meta", "version": "4.9.1", "products": [ { "product": "screen", "cvesInRecord": "Yes" } ], "issue": [ { "id": "CVE-2002-1602", "summary": "Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.", "scorev2": "4.6", "scorev3": "0.0", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2002-1602" }, { "id": "CVE-2003-0972", "summary": "Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of \";\" (semicolon) characters in escape sequences, which leads to a buffer overflow.", "scorev2": "10.0", "scorev3": "0.0", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2003-0972" }, { "id": "CVE-2006-4573", "summary": "Multiple unspecified vulnerabilities in the \"utf8 combining characters handling\" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.", "scorev2": "2.6", "scorev3": "0.0", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2006-4573" }, { "id": "CVE-2007-3048", "summary": "GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue", "scorev2": "7.2", "scorev3": "0.0", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2007-3048" }, { "id": "CVE-2009-1214", "summary": "GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.", "scorev2": "4.9", "scorev3": "0.0", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2009-1214" }, { "id": "CVE-2017-5618", "summary": "GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.", "scorev2": "7.2", "scorev3": "7.8", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2017-5618" }, { "id": "CVE-2020-9366", "summary": "A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.", "scorev2": "7.5", "scorev3": "9.8", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2020-9366" }, { "id": "CVE-2021-26937", "summary": "encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.", "scorev2": "7.5", "scorev3": "9.8", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-26937" }, { "id": "CVE-2023-24626", "summary": "socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.", "scorev2": "0.0", "scorev3": "6.5", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-24626" }, { "id": "CVE-2025-46802", "summary": "For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.", "scorev2": "0.0", "scorev3": "6.0", "scorev4": "5.3", "vector": "LOCAL", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-46802" }, { "id": "CVE-2025-46804", "summary": "A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available.\n\n\nAffected are older Screen versions, as well as version 5.0.0.", "scorev2": "0.0", "scorev3": "3.3", "scorev4": "2.0", "vector": "LOCAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-46804" }, { "id": "CVE-2025-46805", "summary": "Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.", "scorev2": "0.0", "scorev3": "5.5", "scorev4": "5.7", "vector": "LOCAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2025-46805" } ] } ] }