GNU Screen Escape Sequence Integer Overflow Array Indexing Vulnerability

GNU Screen is prone to a signed integer overflow vulnerability that can be triggered by including 2 gigabytes or more of semicolons (;) or colons (:) in an escape sequence. This causes an internal counter to wrap to a negative value, so a size check succeeds when it should have failed. Further operations using this negative value may corrupt memory with attacker-controlled data, potentially allowing code execution.

This issue could be exploited locally to gain elevated privileges; in some cases remote exploitation may also be possible (though unlikely, given the amount of data required), since escape sequences could originate from a remote network session using SSH, telnet, or another network client. Screen is usually installed setgid utmp or setuid root.
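The wrap described above, as an added illustration of the bug class in a constructed parser state (not Screen's own code): a signed per-separator counter that is incremented before a signed upper-bound check, beside a variant that checks first and saturates. `MAXARGS`, `seq_state`, `vuln_separator` and `safe_separator` are assumed names.

```c
#include <limits.h>
#include <stdio.h>

#define MAXARGS 16   /* constructed: number of argument slots in the parser state */

/* Parser state for one control sequence (constructed model, not Screen's). */
typedef struct {
    int args[MAXARGS];
    int nargs;   /* plain signed int: one increment per ';' or ':' */
} seq_state;

/* Two's-complement wrap of n+1, spelled out so the demo does not depend on
 * undefined signed overflow (a real build would simply do n++). */
static int wrap_inc(int n) { return (int)((unsigned)n + 1u); }

/* Vulnerable pattern: increment first, then check only the upper bound.
 * Returns the slot index the caller would write, or -1 if the write is refused.
 * After INT_MAX separators the counter wraps to INT_MIN, which is < MAXARGS,
 * so the check passes and the returned index is negative (out-of-bounds). */
int vuln_separator(int nargs_before, int *nargs_after) {
    int n = wrap_inc(nargs_before);
    *nargs_after = n;
    if (n < MAXARGS)   /* no n >= 0 check: a negative counter slips through */
        return n;      /* caller would do args[n] = 0 */
    return -1;
}

/* Hardened pattern: check before incrementing and saturate at the last slot,
 * so the counter can never wrap and the index is always within args[]. */
int safe_separator(int nargs_before, int *nargs_after) {
    if (nargs_before < 0 || nargs_before >= MAXARGS - 1) {
        *nargs_after = MAXARGS - 1;   /* extra separators are ignored */
        return -1;
    }
    *nargs_after = nargs_before + 1;
    return *nargs_after;
}

int main(void) {
    int after;
    int idx = vuln_separator(INT_MAX, &after);   /* state after 2^31-1 separators */
    printf("vulnerable: counter=%d, write index=%d (negative => OOB)\n", after, idx);
    idx = safe_separator(INT_MAX, &after);
    printf("hardened:   counter=%d, write index=%d (refused)\n", after, idx);
    return 0;
}
```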


Copyright 2010, SecurityFocus