Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-24626: Incorrect Permission Assignment in Screen

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 81.81%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Apr 8
Latest update: Jan 26

Description

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.0 | Impact: 4.0

Affected Packages (3 packages)

Debian: gnu/screen < 4.9.1-1+1
Ubuntu: gnu/screen < 4.9.0-1ubuntu0.1+1
NVD: gnu/screen 4.9.0

Patches

🔴 Vulnerability Details (4)

OSV: screen vulnerabilities (2026-01-26)
GHSA: GHSA-wr4w-95gx-6cfr: socket (2023-04-08)
CVEList: CVE-2023-24626: socket (2023-04-08)
OSV: CVE-2023-24626: socket (2023-04-08)

💥 Exploits & PoCs (1)

Exploit-DB: GNU screen v4.9.0 - Privilege Escalation (2023-04-05)

📋 Vendor Advisories (5)

Ubuntu: GNU Screen vulnerabilities (2026-01-26)
Ubuntu: GNU Screen vulnerability (2023-07-03)
Microsoft: socket.c in GNU Screen through 4.9.0 when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD) allows local users to send a privileged SIGHUP signal to any PID causing (2023-04-11)
Red Hat: screen: allows sending SIGHUP to arbitrary PIDs (2023-04-08)
Debian: CVE-2023-24626: screen - socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the defau... (2023)