VulnerableCode Package Details - pkg:deb/debian/screen@3.7.4-9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/screen@3.7.4-9

Essentials
History (11)

purl	pkg:deb/debian/screen@3.7.4-9

Next non-vulnerable version	4.9.1-3
Latest non-vulnerable version	4.9.1-3
Risk	4.3

Vulnerabilities affecting this package (8)

Vulnerability	Summary	Fixed by
VCID-22f5-j3qf-kkbh Aliases: CVE-2003-0972	Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.	4.0.2-4.1sarge1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-2yta-5h7n-j3gg Aliases: CVE-2009-1215	Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.	4.0.3-14 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-52m3-cg57-ubh9 Aliases: CVE-2017-5618	GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.	4.5.0-6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-c255-m7n4-4yew Aliases: CVE-2021-26937	encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.	4.6.2-3+deb10u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.8.0-6 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jnmp-k1c2-rkbc Aliases: CVE-2009-1214	GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.	4.0.3-14 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wr8k-aue4-2fhc Aliases: CVE-2020-9366	A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.	4.8.0-6 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-y8x8-n2ku-yuf3 Aliases: CVE-2006-4573	Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.	4.0.3-0.3 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zqvs-uzxx-1qem Aliases: CVE-2015-6806	The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.	4.1.0~20120320gitdb59704-7+deb7u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.2.1-3+deb8u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.5.0-6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:18:38.920076+00:00	Debian Oval Importer	Affected by	VCID-c255-m7n4-4yew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T03:52:42.728483+00:00	Debian Oval Importer	Affected by	VCID-jnmp-k1c2-rkbc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T03:30:26.150680+00:00	Debian Oval Importer	Affected by	VCID-zqvs-uzxx-1qem	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T02:45:14.420470+00:00	Debian Oval Importer	Affected by	VCID-y8x8-n2ku-yuf3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T01:58:29.158606+00:00	Debian Oval Importer	Affected by	VCID-52m3-cg57-ubh9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T01:20:48.261901+00:00	Debian Oval Importer	Affected by	VCID-2yta-5h7n-j3gg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:52:46.281143+00:00	Debian Oval Importer	Affected by	VCID-wr8k-aue4-2fhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:36:01.938193+00:00	Debian Oval Importer	Affected by	VCID-22f5-j3qf-kkbh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:23:32.665324+00:00	Debian Oval Importer	Affected by	VCID-c255-m7n4-4yew	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-05T21:39:32.466282+00:00	Debian Oval Importer	Affected by	VCID-zqvs-uzxx-1qem	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.6.0
2026-06-04T20:34:14.117230+00:00	Debian Oval Importer	Affected by	VCID-zqvs-uzxx-1qem	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.6.0