Vulnerability Details CVE-2023-24626
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.0%
CVSS Severity
CVSS v3 Score 6.5
References
- https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
- https://savannah.gnu.org/bugs/?63195
- https://www.exploit-db.com/exploits/51252
- https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
- https://savannah.gnu.org/bugs/?63195
- https://www.exploit-db.com/exploits/51252
- https://www.exploit-db.com/exploits/51252
Products affected by CVE-2023-24626
-
cpe:2.3:a:gnu:screen:-
-
cpe:2.3:a:gnu:screen:3.6.0
-
cpe:2.3:a:gnu:screen:3.6.1
-
cpe:2.3:a:gnu:screen:3.6.2
-
cpe:2.3:a:gnu:screen:3.7.1
-
cpe:2.3:a:gnu:screen:3.7.2
-
cpe:2.3:a:gnu:screen:3.7.4
-
cpe:2.3:a:gnu:screen:3.7.6
-
cpe:2.3:a:gnu:screen:3.9.10
-
cpe:2.3:a:gnu:screen:3.9.11
-
cpe:2.3:a:gnu:screen:3.9.13
-
cpe:2.3:a:gnu:screen:3.9.15
-
cpe:2.3:a:gnu:screen:3.9.4
-
cpe:2.3:a:gnu:screen:3.9.8
-
cpe:2.3:a:gnu:screen:3.9.9
-
cpe:2.3:a:gnu:screen:4.0.1
-
cpe:2.3:a:gnu:screen:4.0.2
-
cpe:2.3:a:gnu:screen:4.0.3
-
cpe:2.3:a:gnu:screen:4.2.0
-
cpe:2.3:a:gnu:screen:4.2.1
-
cpe:2.3:a:gnu:screen:4.3.0
-
cpe:2.3:a:gnu:screen:4.3.1
-
cpe:2.3:a:gnu:screen:4.4.0
-
cpe:2.3:a:gnu:screen:4.5.0
-
cpe:2.3:a:gnu:screen:4.5.1
-
cpe:2.3:a:gnu:screen:4.6.0
-
cpe:2.3:a:gnu:screen:4.6.1
-
cpe:2.3:a:gnu:screen:4.6.2
-
cpe:2.3:a:gnu:screen:4.7.0
-
cpe:2.3:a:gnu:screen:4.8.0
-
cpe:2.3:a:gnu:screen:4.9.0