screen: DoS attack via stack overflow via terminal control codes (CVE-2015-6806)
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not
properly limit recursion, which allows remote attackers to cause a denial of
service (stack consumption) via an escape sequence with a large repeat count value.
References:
http://www.openwall.com/lists/oss-security/2015/09/01/1
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-6806
Upstream patch:
http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c336a32a1dcd445e6b83827f83531d4c6414e2cd
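An illustration of the bug class described above, added here and not taken from screen's ansi.c or the upstream patch: a scroll routine that recurses once per chunk of the requested count, beside a form that clamps the count and iterates. `ROWS`, `CHUNK`, `INIT` and all function names are hypothetical, and the region contents are constructed sample data.

```c
#include <stdio.h>
#include <string.h>
#define ROWS  8   /* constructed scroll-region height (assumption) */
#define CHUNK 4   /* lines handled per call (assumption) */
#define INIT  {1, 2, 3, 4, 5, 6, 7, 8}
static int max_depth;   /* deepest call nesting seen by scroll_recursive */

/* Shift the region up by n lines (0 <= n <= CHUNK), blanking vacated rows. */
static void shift_up(int *lines, int n) {
    memmove(lines, lines + n, (size_t)(ROWS - n) * sizeof *lines);
    memset(lines + ROWS - n, 0, (size_t)n * sizeof *lines);
}

/* Flawed pattern: one stack frame per CHUNK of an input-controlled count. */
static void scroll_recursive(int *lines, long n, int depth) {
    if (depth > max_depth) max_depth = depth;
    if (n > CHUNK) {
        scroll_recursive(lines, n - CHUNK, depth + 1);
        n = CHUNK;
    }
    shift_up(lines, (int)n);
}

/* Hardened: clamp the count to the region height, then iterate. */
static void scroll_bounded(int *lines, long n) {
    if (n > ROWS) n = ROWS;   /* scrolling further only blanks the region */
    for (; n > 0; n -= CHUNK)
        shift_up(lines, n > CHUNK ? CHUNK : (int)n);
}

/* Call nesting the recursive form reaches for a repeat count n (n >= 0). */
static int depth_for(long n) {
    int lines[ROWS] = INIT;
    max_depth = 0;
    scroll_recursive(lines, n, 1);
    return max_depth;
}

/* 1 if both forms leave the region in the same state for count n. */
static int same_result(long n) {
    int a[ROWS] = INIT, b[ROWS] = INIT;
    scroll_recursive(a, n, 1);
    scroll_bounded(b, n);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void) {
    printf("%d %d %d\n", depth_for(6), depth_for(40000), same_result(6));
    return 0;
}
```

In the recursive form the stack depth grows linearly with a value taken from terminal input, while the bounded form uses a constant number of frames for any count and leaves the region in the same state.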
(from redmine: issue id 4711, created on 2015-10-01, closed on 2015-10-02)
- Relations:
  - child #4712 (closed)
  - child #4713 (closed)
  - child #4714 (closed)
  - child #4715 (closed)
  - child #4716 (closed)
- Changesets:
  - Revision 3d8174d3 by Eivind Uggedal on 2015-10-01T14:01:32Z:
    main/screen: security fix for CVE-2015-6806
    ref #4711 fixes #4716