PT-2006-1009 · Gnu · Screen

Cstone

Published

2006-10-24

Updated

2011-03-08

CVE-2006-4573

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: screen versions prior to 4.0.3

Description: The issue is related to the handling of UTF8 combining characters in the utf8 handle comb function in encoding.c. This can be exploited by attackers to cause a denial of service, resulting in a crash or hang, via certain UTF8 sequences. The vulnerability can be exploited remotely.

Recommendations: For versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of UTF8 sequences in the affected function until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-02189

CVE-2006-4573

DSA-1202-1

Affected Products

Screen

PT-2006-1009 · Gnu · Screen

CVE-2006-4573

Related Identifiers

Affected Products

References · 28