CVE-2023-24626

MEDIUM

GNU Screen < 4.9.0 - Denial of Service via Privileged SIGHUP Signal

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-24626. PoCs published by Manuel Andreas.

AI-analyzed exploit summary: This exploit leverages a privilege escalation vulnerability in GNU screen v4.9.0 by sending a crafted message to a Unix socket, allowing an attacker to send a SIGHUP signal to a target process as root. The PoC spawns a screen instance and manipulates socket communication to achieve the escalation.

Description

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

Exploits (1)

exploitdb WORKING POC
by Manuel Andreas · python · local · linux
https://www.exploit-db.com/exploits/51252

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: GNU screen v4.9.0
No auth needed
Prerequisites: GNU screen v4.9.0 configured as setuid root · Access to the target system
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.5
EPSS 0.0054
EPSS Percentile 41.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-732
Status published
Products (1)
gnu/screen < 4.9.0
Published Apr 08, 2023
Tracked Since Feb 18, 2026