CVE-2023-24626

Name
CVE-2023-24626
Description
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| CONFIRM | https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 |
| MISC | https://www.exploit-db.com/exploits/51252 |
| MISC | https://savannah.gnu.org/bugs/?63195 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:gnu:screen:*:*:*:*:*:*:*:* | screen | >= None | <= 4.9.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| screen | 3.14-main | 4.8.0-r5 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| screen | 3.17-main | 4.9.0-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| screen | 3.16-main | 4.9.0-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| screen | 3.15-main | 4.8.0-r6 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| screen | 3.18-main | 4.9.0-r3 | Natanael Copa <ncopa@alpinelinux.org> | fixed |