Your submission was sent successfully! Close

CVE-2015-6806

Published: 28 September 2015

The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.

From the Ubuntu Security Team

It was discovered that GNU screen mishandled certain crafted input. An attacker could use this vulnerability to cause a denial of service.

Priority

Low

Status

Package Release Status
screen
Launchpad, Ubuntu, Debian
artful Not vulnerable
(4.3.1-2)
bionic Not vulnerable
(4.3.1-2)
cosmic Not vulnerable
(4.3.1-2)
disco Not vulnerable
(4.3.1-2)
precise
Released (4.0.3-14ubuntu8.1)
trusty
Released (4.1.0~20120320gitdb59704-9ubuntu0.1~esm1)
upstream
Released (4.3.1-2)
vivid Ignored
(reached end-of-life)
wily Not vulnerable
(4.3.1-2)
xenial Not vulnerable
(4.3.1-2)
yakkety Not vulnerable
(4.3.1-2)
zesty Not vulnerable
(4.3.1-2)
Patches:
upstream: http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c336a32a1dcd445e6b83827f83531d4c6414e2cd