LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2002-1602
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1602

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2003-0972
CVE STATUS: Patched
CVE SUMMARY: Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0972

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2006-4573
CVE STATUS: Patched
CVE SUMMARY: Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allow user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4573

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2007-3048
CVE STATUS: Patched
CVE SUMMARY: GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3048

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2009-1214
CVE STATUS: Patched
CVE SUMMARY: GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
CVSS v2 BASE SCORE: 4.9
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1214

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2017-5618
CVE STATUS: Patched
CVE SUMMARY: GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5618

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2020-9366
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9366

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2021-26937
CVE STATUS: Patched
CVE SUMMARY: encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-26937

LAYER: meta
PACKAGE NAME: screen
PACKAGE VERSION: 4.9.1
CVE: CVE-2023-24626
CVE STATUS: Patched
CVE SUMMARY: socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24626