CVE-2025-46805 Screen has a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root

🗓️ 26 May 2025 13:16:40Reported by suseType

TOCTOU race in Screen allows sending signals to privileged processes on setuid-root installations.

Reporter	Title	Published	Views	Family All 52
FreeBSD	screen -- multiple vulnerabilities	12 May 202500:00	–	freebsd
AlpineLinux	CVE-2025-46805	26 May 202513:16	–	alpinelinux
ArchLinux	[ASA-202505-1] screen: multiple issues	13 May 202500:00	–	archlinux
Circl	CVE-2025-46805	13 May 202516:45	–	circl
CNNVD	GNU Screen 安全漏洞	26 May 202500:00	–	cnnvd
CNVD	Gnu Screen Competitive Conditions Loophole	30 May 202500:00	–	cnvd
CVE	CVE-2025-46805	26 May 202513:16	–	cve
Debian CVE	CVE-2025-46805	26 May 202513:16	–	debiancve
Tenable Nessus	EulerOS 2.0 SP12 : screen (EulerOS-SA-2025-1840)	21 Jul 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : screen (EulerOS-SA-2025-1841)	21 Jul 202500:00	–	nessus

[
  {
    "collectionURL": "https://git.savannah.gnu.org/cgit/screen.git",
    "defaultStatus": "unaffected",
    "packageName": "screen",
    "versions": [
      {
        "lessThanOrEqual": "5.0.0",
        "status": "affected",
        "version": "5.0.",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "4.9.1",
        "status": "affected",
        "version": "?",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi
openwall	www.openwall.com/lists/oss-security/2025/05/12/1

26 May 2025 13:23Current

CVSS 3.15.5

CVSS 45.7

EPSS0.00167

CWE-367