CVE-2021-26937

Опубликовано: 10 фев. 2021

Источник: redhat

CVSS3: 9.6

Описание

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

A flaw was found in screen. A specially crafted sequence of combining characters could cause an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Меры по смягчению последствий

This flaw is in utf8 processing; if your screen configuration does not enable utf8 (through configuration such as "defencoding utf-8" in .screenrc), you are not vulnerable.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	screen	Out of support scope
Red Hat Enterprise Linux 7	screen	Fixed	RHSA-2021:0742	08.03.2021
Red Hat Enterprise Linux 7.7 Advanced Update Support	screen	Fixed	RHSA-2022:1074	28.03.2022
Red Hat Enterprise Linux 7.7 Telco Extended Update Support	screen	Fixed	RHSA-2022:1074	28.03.2022
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions	screen	Fixed	RHSA-2022:1074	28.03.2022