| CVE-2025-46805 |
AVG-2862 |
High |
No |
Denial of service |
In socket.c lines 646 and 882 time-of-check/time-of-use (TOCTOU) race conditions exist with regards to sending signals to user supplied PIDs in setuid-root... |
| CVE-2025-46804 |
AVG-2862 |
High |
No |
Privilege escalation |
This is a minor information leak when running Screen with setuid-root privileges that is found in older Screen versions, as well as in version 5.0.0. The... |
| CVE-2025-46803 |
AVG-2862 |
High |
No |
Access restriction bypass |
In Screen version 5.0.0 the default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to... |
| CVE-2025-46802 |
AVG-2862 |
High |
No |
Access restriction bypass |
This issue is found in the Attach() function when the multiattach flag is set (i.e. Screen attempts to attach to a multi-user session). The function... |
| CVE-2025-23395 |
AVG-2862 |
High |
No |
Privilege escalation |
This issue affects Screen 5.0.0 when it runs with setuid-root privileges. The function logfile_reopen() does not drop privileges while operating on a user... |
| CVE-2021-26937 |
AVG-1553 |
Medium |
Yes |
Arbitrary code execution |
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have... |