Hello, I noticed someone posted this to the screen-devel list. I can
reproduce it here; just catting the testcase does crash my screen.
(I think it wasn't supposed to be public, but it is, so better it's
visible to security teams.)
It looks like it might be exploitable at first glance; I see a crash
here in encoding.c, because i is out of range.
1411 else if (!combchars[i])
1413 combchars[i] = (struct combchar *)malloc(sizeof(struct combchar));
1414 if (!combchars[i])
1416 combchars[i]->prev = i;
1417 combchars[i]->next = i;
Exploitable or not, it would be annoying if someone stuffed this into logfiles
being tailed, or whatever.
(In reply to Hanno Böck from comment #1)
> Possible patch:
dalias from musl wasn't happy with this, keeping an eye on it:
[20:24:19] <dalias> ok https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html is the right patch to apply
[20:24:34] <dalias> please update fix with that, since the current patch in alpine just *breaks* multilingual use of screen
The bug has been referenced in the following commit(s):
Author: Sven Wegener <email@example.com>
AuthorDate: 2021-02-24 19:21:31 +0000
Commit: Sven Wegener <firstname.lastname@example.org>
CommitDate: 2021-02-24 19:25:15 +0000
app-misc/screen: Revision bump, security bug #769770
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Sven Wegener <email@example.com>
app-misc/screen/files/screen-CVE-2021-26937.patch | 61 +++++++++
app-misc/screen/screen-4.8.0-r2.ebuild | 159 ++++++++++++++++++++++
2 files changed, 220 insertions(+)
thanks, tell us when ready to stable
(In reply to Sam James from comment #4)
> thanks, tell us when ready to stable
Yep, it is ready for stabilization.
(In reply to Sven Wegener from comment #6)
> Yep, it is ready for stabilization.
Thanks, let's roll!
Maintainer(s), please cleanup.
Security, please vote.