CVE-2021-26937

CRITICAL

GNU Screen < 4.8.0 - Denial of Service

Title source: rule

Description

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

References (10)

[Exploit, Mailing List, Vendor Advisory] https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html

[Exploit, Mailing List, Third Party Advisory] https://www.openwall.com/lists/oss-security/2021/02/09/3

[Product] https://ftp.gnu.org/gnu/screen/

[Exploit, Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/02/09/8

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/02/msg00031.html

[Third Party Advisory] https://www.debian.org/security/2021/dsa-4861

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJWLXP45POUUYBJRRWPVAWNZDJTLYWVM/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNWBOIDEPOEQS5RMQVMFKHKXJCGNYWBL/

[Third Party Advisory] https://security.gentoo.org/glsa/202105-11

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20250509-0004/

Scores

CVSS v3 9.8

EPSS 0.1193

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-88

Status published

Products (5)

debian/debian_linux 9.0

debian/debian_linux 10.0

fedoraproject/fedora 32

fedoraproject/fedora 33

gnu/screen < 4.8.0

Published Feb 09, 2021

Tracked Since Feb 18, 2026