First published: Mon Sep 28 2015
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/screen | <4.1.0~20120320 | 4.1.0~20120320 |
ubuntu/screen | <4.3.1-2 | 4.3.1-2 |
debian/screen | 4.8.0-6 4.9.0-4 4.9.1-1 | |
Ubuntu | <=4.3.1 | |
http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c336a32a1dcd445e6b83827f83531d4c6414e2cd
CVE-2015-6806 is classified as a medium severity vulnerability due to its potential for causing denial of service through stack consumption.
To remediate CVE-2015-6806, upgrade GNU screen to version 4.3.1-2 or later.
CVE-2015-6806 affects GNU screen versions up to and including 4.3.1.
Yes, CVE-2015-6806 can be exploited remotely via an escape sequence with a large repeat count value.
Symptoms of CVE-2015-6806 exploitation include unexpected crashes or unresponsiveness of the GNU screen application.