GNU Screen

By the Year

In 2024 there have been 0 vulnerabilities in GNU Screen. Last year Screen had 1 security vulnerability published. Right now, Screen is on track to have fewer security vulnerabilities in 2024 than it did last year.

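| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.50 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.80 |
| 2020 | 1 | 9.80 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |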

It may take a day or so for new Screen vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent GNU Screen Security Vulnerabilities

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD)

CVE-2023-24626 6.5 - Medium - April 08, 2023

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

encoding.c in GNU Screen through 4.8.0

CVE-2021-26937 9.8 - Critical - February 09, 2021

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

Argument Injection

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49

CVE-2020-9366 9.8 - Critical - February 24, 2020

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.

Memory Corruption

GNU screen before 4.5.1

CVE-2017-5618 7.8 - High - March 20, 2017

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

AuthZ

GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt

CVE-2007-3048 - June 05, 2007

GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
