Vulnerability Description
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
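To check whether a host meets both conditions in the description above (a setuid or setgid install, and a version through 4.9.0), the following added example inspects the local binary; it is not code from GNU Screen or from the referenced advisories. The function names are hypothetical, and the zero-padded `4.09.00` form it accepts is an assumption about how 4.x releases print their version.

```shell
#!/bin/sh
# Added example: flags a screen binary that matches both conditions of this
# advisory (set-id bit present AND version <= 4.9.0). Names are hypothetical.

# num STR: leading decimal digits of STR without zero padding ("09" -> 9).
num() {
    n=$(printf '%s\n' "$1" | sed 's/[^0-9].*//; s/^0*//')
    printf '%s' "${n:-0}"
}

# ver_le_490 VERSION: true if VERSION <= 4.9.0 ("4.9.0" or padded "4.09.00").
ver_le_490() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    maj=$(num "$1"); min=$(num "$2"); pat=$(num "$3")
    [ "$maj" -lt 4 ] && return 0; [ "$maj" -gt 4 ] && return 1
    [ "$min" -lt 9 ] && return 0; [ "$min" -gt 9 ] && return 1
    [ "$pat" -le 0 ]
}

# parse_screen_version TEXT: version number taken from `screen -v` output.
parse_screen_version() {
    printf '%s\n' "$1" | sed -n 's/^Screen version \([0-9][0-9.]*\).*/\1/p'
}

# has_sbit MODE: true if an ls-style mode string carries setuid or setgid.
has_sbit() {
    case $1 in ???[sS]*|??????[sS]*) return 0 ;; *) return 1 ;; esac
}

# classify MODE VERSION: prints exposed | not-exposed | unknown.
classify() {
    if ! has_sbit "$1"; then echo not-exposed
    elif [ -z "$2" ]; then echo unknown
    elif ver_le_490 "$2"; then echo exposed
    else echo not-exposed; fi
}

# audit_screen [PATH]: inspect the binary at PATH (default: screen from $PATH).
audit_screen() {
    bin=${1:-$(command -v screen)} || :
    if [ -z "$bin" ] || [ ! -e "$bin" ]; then echo "screen: not installed"; return 0; fi
    mode=$(ls -ldL "$bin" | awk '{print $1}')               # -L follows symlinks
    ver=$(parse_screen_version "$("$bin" -v 2>/dev/null)")  # -v may exit non-zero
    echo "$bin mode=$mode version=${ver:-?} -> $(classify "$mode" "$ver")"
}

audit_screen "${1:-}"
```

A result of `unknown` means the binary is set-id but its version string could not be parsed, so it should be checked by hand.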
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GNU | Screen | <= 4.9.0 |
Related Weaknesses (CWE)
References
- https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f0 (Mailing List, Patch)
- https://savannah.gnu.org/bugs/?63195 (Permissions Required)
- https://www.exploit-db.com/exploits/51252 (Third Party Advisory, VDB Entry)
- https://security.netapp.com/advisory/ntap-20250509-0003/
FAQ
What is CVE-2023-24626?
CVE-2023-24626 is a vulnerability with a CVSS score of 6.5 (MEDIUM). socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causi...
How severe is CVE-2023-24626?
CVE-2023-24626 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-24626?
Check the references section above for vendor advisories and patch information. Affected products include: GNU Screen.