VulnerableCode Package Details - pkg:deb/debian/screen@4.0.3-0.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/screen@4.0.3-0.3

Essentials
History (10)

purl	pkg:deb/debian/screen@4.0.3-0.3

Next non-vulnerable version	4.9.1-3
Latest non-vulnerable version	4.9.1-3
Risk

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-2yta-5h7n-j3gg Aliases: CVE-2009-1215	Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.	4.0.3-14 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-52m3-cg57-ubh9 Aliases: CVE-2017-5618	GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.	4.5.0-6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-c255-m7n4-4yew Aliases: CVE-2021-26937	encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.	4.6.2-3+deb10u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.8.0-6 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jnmp-k1c2-rkbc Aliases: CVE-2009-1214	GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.	4.0.3-14 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wr8k-aue4-2fhc Aliases: CVE-2020-9366	A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.	4.8.0-6 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zqvs-uzxx-1qem Aliases: CVE-2015-6806	The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.	4.2.1-3+deb8u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.5.0-6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.1.0~20120320gitdb59704-7+deb7u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-y8x8-n2ku-yuf3	Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.	CVE-2006-4573

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:18:38.934596+00:00	Debian Oval Importer	Affected by	VCID-c255-m7n4-4yew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T03:52:42.744923+00:00	Debian Oval Importer	Affected by	VCID-jnmp-k1c2-rkbc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T03:30:26.167109+00:00	Debian Oval Importer	Affected by	VCID-zqvs-uzxx-1qem	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T02:45:14.440253+00:00	Debian Oval Importer	Fixing	VCID-y8x8-n2ku-yuf3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T01:58:29.175166+00:00	Debian Oval Importer	Affected by	VCID-52m3-cg57-ubh9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T01:20:48.278920+00:00	Debian Oval Importer	Affected by	VCID-2yta-5h7n-j3gg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:52:46.298407+00:00	Debian Oval Importer	Affected by	VCID-wr8k-aue4-2fhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:23:32.680794+00:00	Debian Oval Importer	Affected by	VCID-c255-m7n4-4yew	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-05T21:39:32.494574+00:00	Debian Oval Importer	Affected by	VCID-zqvs-uzxx-1qem	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.6.0
2026-06-04T20:34:14.140453+00:00	Debian Oval Importer	Affected by	VCID-zqvs-uzxx-1qem	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.6.0