[3.1] screen: DoS attack via stack overflow via terminal control codes (CVE-2015-6806)
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
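A simplified model of this bug class, added here as an illustration; it is not screen's code and not the upstream patch. The chunk size of 256, the function names and the clamp-and-loop mitigation are assumptions made for the example, and call depth is counted rather than exhausting the stack.

```c
#include <stdio.h>

#define CHUNK 256L  /* assumed per-call line limit in this model */

static long max_depth;  /* deepest call nesting observed */

/* Unbounded pattern: handle one chunk per call and recurse for the rest,
 * so nesting depth grows linearly with the repeat count n. */
static void scroll_recursive(long n, long depth)
{
    if (depth > max_depth)
        max_depth = depth;
    if (n > CHUNK) {
        scroll_recursive(n - CHUNK, depth + 1);
        n = CHUNK;
    }
    (void)n;  /* a real terminal would move n lines here */
}

/* Bounded pattern: clamp n to the region height (scrolling further only
 * clears an already empty region), then loop. Returns lines moved. */
static long scroll_bounded(long n, long height)
{
    long moved = 0;
    if (n > height)
        n = height;
    while (n > 0) {
        long step = n > CHUNK ? CHUNK : n;
        moved += step;  /* a real terminal would move step lines here */
        n -= step;
    }
    return moved;
}

/* Nesting depth reached by the recursive pattern for repeat count n. */
long depth_recursive(long n)
{
    max_depth = 0;
    scroll_recursive(n, 1);
    return max_depth;
}

int main(void)
{
    printf("recursive depth for n=100000: %ld\n", depth_recursive(100000));
    printf("bounded lines for n=100000, height=24: %ld\n", scroll_bounded(100000, 24));
    return 0;
}
```

In the recursive form the depth is the repeat count divided by the chunk size, rounded up, so the value taken from the escape sequence directly sets stack usage; the bounded form uses one frame regardless of the count.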
References:
http://www.openwall.com/lists/oss-security/2015/09/01/1
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-6806
Upstream patch:
http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c336a32a1dcd445e6b83827f83531d4c6414e2cd
(from redmine: issue id 4714, created on 2015-10-01, closed on 2015-10-02)
- Relations:
- parent #4711 (closed)