Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ; (semicolon) characters in escape sequences, which leads to a buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Screen | Gnu | 3.9.4 (including) | 3.9.4 (including) |
Screen | Gnu | 3.9.8 (including) | 3.9.8 (including) |
Screen | Gnu | 3.9.9 (including) | 3.9.9 (including) |
Screen | Gnu | 3.9.10 (including) | 3.9.10 (including) |
Screen | Gnu | 3.9.11 (including) | 3.9.11 (including) |
Screen | Gnu | 3.9.13 (including) | 3.9.13 (including) |
Screen | Gnu | 3.9.15 (including) | 3.9.15 (including) |
Screen | Gnu | 4.0.1 (including) | 4.0.1 (including) |
Screen | Ubuntu | dapper | * |
Screen | Ubuntu | devel | * |
Screen | Ubuntu | edgy | * |
Screen | Ubuntu | feisty | * |