CVE-2003-0972

7 documents7 sources
Severity
10.0CRITICAL
EPSS
1.2%
top 21.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Screen
Timeline
PublishedDec 15
Latest updateApr 29

Description

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

Debianscreen< 4.0.2-0.1+3
NVDgnu/screen8 versions+7

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-m666-c5wx-qfvx: Integer signedness error in ansi2022-04-29
OSV
CVE-2003-0972: Integer signedness error in ansi2003-12-15
CVEList
CVE-2003-0972: Integer signedness error in ansi2003-12-02

📋Vendor Advisories

2
Red Hat
security flaw2003-11-27
Debian
CVE-2003-0972: screen - Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 ...2003

💬Community

1
Bugzilla
CVE-2003-0972 security flaw2018-08-16
CVE-2003-0972 (CRITICAL CVSS 10) | Integer signedness error in ansi.c | cvebase.io