CVE-2021-26937

critical

Description

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

References

https://www.openwall.com/lists/oss-security/2021/02/09/3

https://ftp.gnu.org/gnu/screen/

https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html

http://www.openwall.com/lists/oss-security/2021/02/09/8

https://lists.debian.org/debian-lts-announce/2021/02/msg00031.html

https://www.debian.org/security/2021/dsa-4861

https://lists.fedoraproject.org/archives/list/[email protected]/message/JJWLXP45POUUYBJRRWPVAWNZDJTLYWVM/

https://lists.fedoraproject.org/archives/list/[email protected]/message/GNWBOIDEPOEQS5RMQVMFKHKXJCGNYWBL/

https://security.gentoo.org/glsa/202105-11

Details

Source: MITRE

Published: 2021-02-09

Updated: 2021-05-26

Type: CWE-88

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 154571 | NewStart CGSL CORE 5.04 / MAIN 5.04 : screen Vulnerability (NS-SA-2021-0103) | Nessus | NewStart CGSL Local Security Checks | critical |
| 153303 | EulerOS 2.0 SP2 : screen (EulerOS-SA-2021-2447) | Nessus | Huawei Local Security Checks | critical |
| 151332 | EulerOS Virtualization for ARM 64 3.0.2.0 : screen (EulerOS-SA-2021-2083) | Nessus | Huawei Local Security Checks | critical |
| 151251 | EulerOS 2.0 SP9 : screen (EulerOS-SA-2021-2057) | Nessus | Huawei Local Security Checks | critical |
| 151226 | EulerOS 2.0 SP9 : screen (EulerOS-SA-2021-2068) | Nessus | Huawei Local Security Checks | critical |
| 151177 | EulerOS Virtualization for ARM 64 3.0.6.0 : screen (EulerOS-SA-2021-2008) | Nessus | Huawei Local Security Checks | critical |
| 150023 | GLSA-202105-11 : GNU Screen: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | critical |
| 149638 | EulerOS 2.0 SP8 : screen (EulerOS-SA-2021-1888) | Nessus | Huawei Local Security Checks | critical |
| 149547 | EulerOS 2.0 SP5 : screen (EulerOS-SA-2021-1913) | Nessus | Huawei Local Security Checks | critical |
| 149142 | EulerOS 2.0 SP3 : screen (EulerOS-SA-2021-1848) | Nessus | Huawei Local Security Checks | critical |
| 148557 | CentOS 7 : screen (CESA-2021:0742) | Nessus | CentOS Local Security Checks | critical |
| 148377 | Amazon Linux AMI : screen (ALAS-2021-1492) | Nessus | Amazon Linux Local Security Checks | critical |
| 148195 | Amazon Linux 2 : screen (ALAS-2021-1623) | Nessus | Amazon Linux Local Security Checks | critical |
| 147977 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : GNU Screen vulnerability (USN-4747-1) | Nessus | Ubuntu Local Security Checks | critical |
| 147206 | Scientific Linux Security Update : screen on SL7.x x86_64 (2021:0742) | Nessus | Scientific Linux Local Security Checks | critical |
| 147198 | RHEL 7 : screen (RHSA-2021:0742) | Nessus | Red Hat Local Security Checks | critical |
| 147195 | Oracle Linux 7 : screen (ELSA-2021-0742) | Nessus | Oracle Linux Local Security Checks | critical |
| 147153 | Fedora 33 : screen (2021-9107eeb95c) | Nessus | Fedora Local Security Checks | critical |
| 147027 | Fedora 32 : screen (2021-5e9894a0c5) | Nessus | Fedora Local Security Checks | critical |
| 146791 | Debian DSA-4861-1 : screen - security update | Nessus | Debian Local Security Checks | critical |
| 146699 | Debian DLA-2570-1 : screen security update | Nessus | Debian Local Security Checks | critical |
| 146676 | openSUSE Security Update : screen (openSUSE-2021-304) | Nessus | SuSE Local Security Checks | critical |
| 146576 | SUSE SLED15 / SLES15 Security Update : screen (SUSE-SU-2021:0492-1) | Nessus | SuSE Local Security Checks | critical |
| 146573 | SUSE SLES12 Security Update : screen (SUSE-SU-2021:0491-1) | Nessus | SuSE Local Security Checks | critical |