Candidate: CVE-2020-9366
PublicDate: 2020-02-24 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9366
 https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html
 https://www.openwall.com/lists/oss-security/2020/02/06/3
 http://www.openwall.com/lists/oss-security/2020/02/25/1
Description:
 A buffer overflow was found in the way GNU Screen before 4.8.0 treated the
 special escape OSC 49. Specially crafted output, or a special program,
 could corrupt memory and crash Screen or possibly have unspecified other
 impact.
Ubuntu-Description:
Notes:
 leosilva> vulnerable code introduced in v4.7.0
 leosilva> introduced by https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950896
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_screen:
 upstream: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b
 upstream: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a
upstream_screen: released (4.8.0-1)
precise/esm_screen: not-affected
trusty_screen: ignored (out of standard support)
trusty/esm_screen: not-affected
xenial_screen: not-affected
esm-infra/xenial_screen: not-affected
bionic_screen: not-affected
eoan_screen: not-affected
devel_screen: not-affected (4.8.0-1)