Denial of Service Risk in GNU Screen by GNU
CVE-2015-6806

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnu Screen
Vendor: CVE Published:; 28 September 2015

Summary

The MScrollV function in GNU Screen versions 4.3.1 and earlier is prone to a vulnerability that allows remote attackers to trigger a denial of service condition through excessive recursion. By sending an escape sequence with a significantly large repeat count, the function does not adequately restrict recursion levels, potentially leading to stack exhaustion and subsequent crashes or unresponsiveness of the affected application.

References

http://www.openwall.com/lists/oss-security/2015/09/03/11

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2015/09/01/1

mailing-listx_refsource_MLIST

http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 28, 2015
Vulnerability Reserved
Sep 3, 2015