CVE-2023-24626
published 2023-04-08CVE-2023-24626: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a…
medium6.5CVSS 3.1
AVLACLPRLUINSCCNINAH
EXPLOIT
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | screen | < screen 4.9.1-1 (forky) | screen 4.9.1-1 (forky) |
| gnu | screen | <= 4.9.0 | — |
| gnu | screen | >= 0 < 4.9.1-1 | 4.9.1-1 |
| gnu | screen | >= 0 < 4.9.1-1 | 4.9.1-1 |
| gnu | screen | >= 0 < 4.9.0-1ubuntu0.1 | 4.9.0-1ubuntu0.1 |
| gnu | screen | >= 0 < 4.9.1-1ubuntu1 | 4.9.1-1ubuntu1 |
| msrc | cbl2_screen_4.9.1-1_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
osv6.5MEDIUM