Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

Published

2023-04-08T05:15:07.063

Last Modified

2025-05-09T20:15:37.510

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	screen	≤ 4.9.0	Yes

References

https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mailing List, Patch ([email protected])
https://savannah.gnu.org/bugs/?63195 Permissions Required ([email protected])
https://www.exploit-db.com/exploits/51252 Third Party Advisory, VDB Entry ([email protected])
https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://savannah.gnu.org/bugs/?63195 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20250509-0003/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/51252 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/51252 Third Party Advisory, VDB Entry (134c704f-9b21-4f2e-91b3-4a467353bcc0)