本頁列出影響 gnu screen 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-24626 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | [email protected] | 6.5 | 0.05% | 2023-04-08 | 2025-05-09 |
| CVE-2021-26937 | encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | [email protected] | 9.8 | 12.65% | 2021-02-09 | 2025-05-09 |
| CVE-2020-9366 | A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | [email protected] | 9.8 | 0.73% | 2020-02-24 | 2024-11-21 |
| CVE-2017-5618 | GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. | [email protected] | 7.8 | 2.29% | 2017-03-20 | 2026-05-13 |
| CVE-2009-1214 | GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. | [email protected] | 4.9 | 0.08% | 2009-04-01 | 2026-04-23 |
| CVE-2007-3048 | GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue | [email protected] | 7.2 | 0.32% | 2007-06-05 | 2026-04-23 |
| CVE-2006-4573 | Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. | [email protected] | 2.6 | 1.22% | 2006-10-24 | 2026-04-23 |
| CVE-2003-0972 | Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. | [email protected] | 10.0 | 1.21% | 2003-12-15 | 2026-04-16 |
| CVE-2002-1602 | Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code. | [email protected] | 4.6 | 0.24% | 2002-04-23 | 2026-04-16 |