PT-2015-7362 · Gnu+3 · Gnu Screen+3

Kcwu

Publicado

2015-09-04

Atualizado

2019-06-02

CVE-2015-6806

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions GNU screen version 4.3.1 and earlier

Description The issue is related to the MScrollV function in ansi.c, which does not properly limit recursion. This allows remote attackers to cause a denial of service, specifically stack consumption, via an escape sequence with a large repeat count value.

Recommendations For GNU screen version 4.3.1 and earlier, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the use of the MScrollV function to minimize the risk of exploitation.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2015-1759

ALT-PU-2017-1266

CVE-2015-6806

DLA-305-1

DSA-3352-1

MGASA-2015-0354

OPENSUSE-SU-2019_1485-1

SUSE-SU-2019:1354-1

SUSE-SU-2019_1354-1

USN-3996-1

Produtos afetados

Alt Linux

Gnu Screen

Suse

Ubuntu

PT-2015-7362 · Gnu+3 · Gnu Screen+3

CVE-2015-6806

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 44