Published: 28/09/2015 Updated: 02/06/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The MScrollV function in ansi.c in GNU screen 4.3.1 and previous versions does not properly limit recursion, which allows remote malicious users to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu gnu screen

Debian Bug report logs - #797624 screen: CVE-2015-6806: DoS attack via stack overflow via terminal control codes Package: screen; Maintainer for screen is Axel Beckert <abe@debianorg>; Source for screen is src:screen (PTS, buildd, popcon) Reported by: Axel Beckert <abe@debianorg> Date: Mon, 31 Aug 2015 22:45:01 UTC ...

GNU Screen could be made to crash or run programs as your login if it opened a specially crafted file or received specially crafted input ...

The MScrollV function in ansic in GNU screen 431 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value ...

CWE-119 https://savannah.gnu.org/bugs/?45713 http://www.openwall.com/lists/oss-security/2015/09/01/1 http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b http://www.openwall.com/lists/oss-security/2015/09/03/11 http://www.debian.org/security/2015/dsa-3352 http://www.openwall.com/lists/oss-security/2015/09/03/4 https://usn.ubuntu.com/3996-1/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00001.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797624 https://usn.ubuntu.com/3996-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-6806

CVE-2015-6806

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect