screen

Description: Full-screen window manager that multiplexes a physical terminal
Version: 5.0.1-2 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2862 | 5.0.0-2 | 5.0.0-3 | High | Fixed | |
| AVG-1553 | 4.8.0-2 | 4.8.0-3 | Medium | Fixed | FS#69876 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2025-46805 | AVG-2862 | High | No | Denial of service | In socket.c lines 646 and 882 time-of-check/time-of-use (TOCTOU) race conditions exist with regards to sending signals to user supplied PIDs in setuid-root... |
| CVE-2025-46804 | AVG-2862 | High | No | Privilege escalation | This is a minor information leak when running Screen with setuid-root privileges that is found in older Screen versions, as well as in version 5.0.0. The... |
| CVE-2025-46803 | AVG-2862 | High | No | Access restriction bypass | In Screen version 5.0.0 the default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to... |
| CVE-2025-46802 | AVG-2862 | High | No | Access restriction bypass | This issue is found in the Attach() function when the multiattach flag is set (i.e. Screen attempts to attach to a multi-user session). The function... |
| CVE-2025-23395 | AVG-2862 | High | No | Privilege escalation | This issue affects Screen 5.0.0 when it runs with setuid-root privileges. The function logfile_reopen() does not drop privileges while operating on a user... |
| CVE-2021-26937 | AVG-1553 | Medium | Yes | Arbitrary code execution | encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 13 May 2025 | ASA-202505-1 | AVG-2862 | High | multiple issues |