CVE-2025-46805

Опубликовано: 26 мая 2025

Источник: debian

EPSS Низкий

Описание

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
screen	fixed	4.9.1-3		package

Примечания

Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4
https://www.openwall.com/lists/oss-security/2025/05/12/1
screen in Debian not installed setuid or setgid

EPSS

Процентиль: 1%

0.00013

Низкий

Связанные уязвимости

CVE-2025-46805

CVSS3: 5.5

ubuntu

24 дня назад

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.

CVE-2025-46805

CVSS3: 5.5

redhat

около 1 месяца назад

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.

CVE-2025-46805

CVSS3: 5.5

nvd

24 дня назад

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.

GHSA-v9hv-wgmv-7qj2

CVSS3: 5.5

github

24 дня назад

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.

EPSS

Процентиль: 1%

0.00013

Низкий