Vulnerability CVE-2021-26937: Information
Description
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
screen | sisyphus | 4.8.0-alt2 | 4.8.0-alt2 | ALT-PU-2021-3263-1 | 263893 | Fixed |
screen | sisyphus_e2k | 4.8.0-alt2 | 4.8.0-alt2 | ALT-PU-2022-3454-1 | - | Fixed |
screen | p10 | 4.8.0-alt2 | 4.8.0-alt2 | ALT-PU-2021-3614-1 | 291984 | Fixed |
screen | p10_e2k | 4.8.0-alt2 | 4.8.0-alt2 | ALT-PU-2021-4714-1 | - | Fixed |
screen | c10f1 | 4.8.0-alt2 | 4.8.0-alt2 | ALT-PU-2021-3614-1 | 291984 | Fixed |
screen | c9f2 | 4.6.2-alt3.p9.2 | 4.6.2-alt3.p9.2 | ALT-PU-2021-3266-1 | 289403 | Fixed |
screen | p11 | 4.8.0-alt2 | 4.8.0-alt2 | ALT-PU-2021-3263-1 | 263893 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.openwall.com/lists/oss-security/2021/02/09/3 | |
https://ftp.gnu.org/gnu/screen/ | |
https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html | |
[oss-security] 20210210 Re: screen crash processing combining characters | |
[debian-lts-announce] 20210219 [SECURITY] [DLA 2570-1] screen security update | |
DSA-4861 | |
GLSA-202105-11 | |
FEDORA-2021-5e9894a0c5 | |
FEDORA-2021-9107eeb95c | |