Description
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not
properly limit recursion, which allows remote attackers to cause a denial
of service (stack consumption) via an escape sequence with a large repeat
count value.
Ubuntu-Description
It was discovered that GNU screen mishandled certain crafted input. An attacker
could use this vulnerability to cause a denial of service.
Package
Upstream: | released
(4.3.1-2)
|
Ubuntu 18.04 LTS (Bionic Beaver): | not-affected
(4.3.1-2)
|
Ubuntu 16.04 ESM (Xenial Xerus): | not-affected
(4.3.1-2)
|
Ubuntu 14.04 ESM (Trusty Tahr): | released
(4.1.0~20120320gitdb59704-9ubuntu0.1~esm1)
|
Ubuntu 20.04 FIPS Compliant (Focal Fossa): | not-affected
(4.3.1-2)
|
Patches:
Updated: 2022-02-11 01:01:40 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)