CVE-2003-0972

2003-12-1505:00:00

mitre

web.nvd.nist.gov

cve-2003-0972

ansi

buffer overflow

gnu screen

integer signedness error

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.003

Percentile

68.4%

JSON

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of “;” (semicolon) characters in escape sequences, which leads to a buffer overflow.

Affected configurations

Nvd

Node

gnuscreenMatch3.9.4

gnuscreenMatch3.9.8

gnuscreenMatch3.9.9

gnuscreenMatch3.9.10

gnuscreenMatch3.9.11

gnuscreenMatch3.9.13

gnuscreenMatch3.9.15

gnuscreenMatch4.0.1

VendorProductVersionCPE
gnuscreen3.9.4cpe:2.3:a:gnu:screen:3.9.4:*:*:*:*:*:*:*
gnuscreen3.9.8cpe:2.3:a:gnu:screen:3.9.8:*:*:*:*:*:*:*
gnuscreen3.9.9cpe:2.3:a:gnu:screen:3.9.9:*:*:*:*:*:*:*
gnuscreen3.9.10cpe:2.3:a:gnu:screen:3.9.10:*:*:*:*:*:*:*
gnuscreen3.9.11cpe:2.3:a:gnu:screen:3.9.11:*:*:*:*:*:*:*
gnuscreen3.9.13cpe:2.3:a:gnu:screen:3.9.13:*:*:*:*:*:*:*
gnuscreen3.9.15cpe:2.3:a:gnu:screen:3.9.15:*:*:*:*:*:*:*
gnuscreen4.0.1cpe:2.3:a:gnu:screen:4.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	screen	3.9.4	cpe:2.3:a:gnu:screen:3.9.4:::::::*
gnu	screen	3.9.8	cpe:2.3:a:gnu:screen:3.9.8:::::::*
gnu	screen	3.9.9	cpe:2.3:a:gnu:screen:3.9.9:::::::*
gnu	screen	3.9.10	cpe:2.3:a:gnu:screen:3.9.10:::::::*
gnu	screen	3.9.11	cpe:2.3:a:gnu:screen:3.9.11:::::::*
gnu	screen	3.9.13	cpe:2.3:a:gnu:screen:3.9.13:::::::*
gnu	screen	3.9.15	cpe:2.3:a:gnu:screen:3.9.15:::::::*
gnu	screen	4.0.1	cpe:2.3:a:gnu:screen:4.0.1:::::::*