Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 559394 (CVE-2015-6806) - <app-misc/screen-4.3.1-r1: Stack overflow due to deep recursion causing process freeze (CVE-2015-6806)
Summary: <app-misc/screen-4.3.1-r1: Stack overflow due to deep recursion causing proce...
Alias: CVE-2015-6806
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa/cve]
Depends on:
Blocks: 549938
  Show dependency tree
Reported: 2015-09-02 10:08 UTC by Agostino Sarubbo
Modified: 2015-11-03 01:18 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-09-02 10:08:37 UTC
From ${URL} :

A vulnerability was found in screen causing stack overflow which results in crashing the screen 
server process. After running malicious command inside screen, it will recursively call MScrollV to 
depth n/256. This is time consuming and will overflow the stack if 'n' is huge.

CVE request:

Upstream patch:

Upstream report (contains reproducer):

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-09-04 05:26:12 UTC
This one affects all of:


and every ebuild in between.

But these were also reported:
Comment 2 Patrice Clement gentoo-dev 2015-09-15 23:24:29 UTC
commit 71c7bd0 (HEAD, master)
Author: Patrice Clement <>
Date:   Tue Sep 15 23:14:26 2015 +0000

    app-misc/screen: Patch sources to mitigate a stack overflow. Fixes security bug 559394.
    Package-Manager: portage-2.2.18
    Signed-off-by: Patrice Clement <>

 create mode 100644 app-misc/screen/files/screen-4.3.1-ansi.c.patch
 create mode 100644 app-misc/screen/screen-4.3.1-r1.ebuild

Arch teams,

Please stabilise:

Target arches:


Thank you.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2015-09-16 05:39:34 UTC
Stable for HPPA PPC64.
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2015-09-16 10:59:13 UTC
Stable on alpha.
Comment 5 Patrice Clement gentoo-dev 2015-09-17 16:41:54 UTC
Stable for amd64.
Comment 6 Agostino Sarubbo gentoo-dev 2015-09-22 09:00:51 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2015-09-24 08:03:23 UTC
ia64 stable
Comment 8 Markus Meier gentoo-dev 2015-09-25 05:58:18 UTC
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-09-25 14:30:20 UTC
x86 stable
Comment 10 Patrice Clement gentoo-dev 2015-10-08 08:57:48 UTC
ping @sparc
Comment 11 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-10-10 14:57:34 UTC
sparc stable

GLSA vote: no.
Comment 12 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-10-10 15:06:13 UTC
(In reply to Mikle Kolyada from comment #11)
> sparc stable
> GLSA vote: no.

GLSA vote: No
Comment 13 Patrice Clement gentoo-dev 2015-10-10 15:37:59 UTC
commit 7eebcd3 (HEAD, master)
Author: Patrice Clement <>
Date:   Sat Oct 10 15:33:53 2015 +0000

    app-misc/screen: Clean up vulnerable versions. Fixes security bug 559394.
    Package-Manager: portage-
    Signed-off-by: Patrice Clement <>

 delete mode 100644 app-misc/screen/files/4.0.2-64bit-time.patch
 delete mode 100644 app-misc/screen/files/4.0.2-no-libelf.patch
 delete mode 100644 app-misc/screen/files/4.0.2-no-pty.patch
 delete mode 100644 app-misc/screen/files/4.0.2-no-utempter.patch
 delete mode 100644 app-misc/screen/files/4.0.2-nonblock.patch
 delete mode 100644 app-misc/screen/files/4.0.2-windowlist-multiuser-fix.patch
 delete mode 100644 app-misc/screen/files/4.0.3-extend-d_termname-ng2.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.1-int-overflow-fix.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.1-vsprintf.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.3-config.h-autoconf-2.62.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.3-cppflags.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.3-crosscompile.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.3-setenv_autoconf.patch
 delete mode 100644 app-misc/screen/screen-4.0.3-r6.ebuild
 delete mode 100644 app-misc/screen/screen-4.0.3-r7.ebuild
 delete mode 100644 app-misc/screen/screen-4.0.3-r8.ebuild
 delete mode 100644 app-misc/screen/screen-4.2.1-r2.ebuild
 delete mode 100644 app-misc/screen/screen-4.3.1.ebuild

Markins as FIXED as per IRC discussion with Kristian and Mikle.