CVE-2003-0972

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.

Published : 2003-12-15 05:00 Updated : 2016-10-18 02:38

10.0
CVSS Score More info
Score 10.0 / 10
10.0
Vendor Product Version URI
Gnu Screen 3.9.4 cpe:/a:gnu:screen:3.9.4
Gnu Screen 3.9.15 cpe:/a:gnu:screen:3.9.15
Gnu Screen 3.9.8 cpe:/a:gnu:screen:3.9.8
Gnu Screen 3.9.9 cpe:/a:gnu:screen:3.9.9
Gnu Screen 3.9.11 cpe:/a:gnu:screen:3.9.11
Gnu Screen 3.9.13 cpe:/a:gnu:screen:3.9.13
Gnu Screen 4.0.1 cpe:/a:gnu:screen:4.0.1
Gnu Screen 3.9.10 cpe:/a:gnu:screen:3.9.10
  1. Gnu (1) Search CVE
    1. Screen (8) Search CVE
      1. 3.9.4
      2. 3.9.15
      3. 3.9.8
      4. 3.9.9
      5. 3.9.11
      6. 3.9.13
      7. 4.0.1
      8. 3.9.10

CWE

There is no CWE for this CVE.

History of changes

Date Event
2003-12-15 05:00

New CVE