CVE-2015-6806 - Vulnerability Details - OpenCVE

The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00643.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnu	Gnu Screen

Configuration 1 [-]

cpe:2.3:a:gnu:gnu_screen:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-305-1	screen security update
Debian DSA	DSA-3352-1	screen security update
EUVD	EUVD-2015-6743	The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
Ubuntu USN	USN-3996-1	GNU Screen vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00001.html
http://www.debian.org/security/2015/dsa-3352
http://www.openwall.com/lists/oss-security/2015/09/01/1
http://www.openwall.com/lists/oss-security/2015/09/03/11
http://www.openwall.com/lists/oss-security/2015/09/03/4
https://nvd.nist.gov/vuln/detail/CVE-2015-6806
https://savannah.gnu.org/bugs/?45713
https://usn.ubuntu.com/3996-1/
https://www.cve.org/CVERecord?id=CVE-2015-6806

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.01657}`	epss `{'score': 0.00643}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00718}`	epss `{'score': 0.01657}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-09-28T20:00:00

Updated: 2024-08-06T07:29:24.823Z

Reserved: 2015-09-03T00:00:00

Link: CVE-2015-6806

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-09-28T20:59:06.280

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-6806

Redhat

Severity : Low

Publid Date: 2015-08-07T00:00:00Z

Links: CVE-2015-6806 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-07T00:00:00", "descriptions": [{"lang": "en", "value": "The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-02T17:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20150904 Re: CVE request: screen stack overflow (deep recursion)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/03/11"}, {"name": "[oss-security] 20150901 CVE request: screen stack overflow (deep recursion)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/01/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b"}, {"name": "[oss-security] 20150903 AW: Re: CVE request: screen stack overflow (deep recursion)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/03/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://savannah.gnu.org/bugs/?45713"}, {"name": "DSA-3352", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3352"}, {"name": "USN-3996-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3996-1/"}, {"name": "openSUSE-SU-2019:1485", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6806", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20150904 Re: CVE request: screen stack overflow (deep recursion)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/03/11"}, {"name": "[oss-security] 20150901 CVE request: screen stack overflow (deep recursion)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/01/1"}, {"name": "http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b"}, {"name": "[oss-security] 20150903 AW: Re: CVE request: screen stack overflow (deep recursion)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/03/4"}, {"name": "https://savannah.gnu.org/bugs/?45713", "refsource": "CONFIRM", "url": "https://savannah.gnu.org/bugs/?45713"}, {"name": "DSA-3352", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3352"}, {"name": "USN-3996-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3996-1/"}, {"name": "openSUSE-SU-2019:1485", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:29:24.823Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20150904 Re: CVE request: screen stack overflow (deep recursion)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/09/03/11"}, {"name": "[oss-security] 20150901 CVE request: screen stack overflow (deep recursion)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/09/01/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b"}, {"name": "[oss-security] 20150903 AW: Re: CVE request: screen stack overflow (deep recursion)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/09/03/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://savannah.gnu.org/bugs/?45713"}, {"name": "DSA-3352", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3352"}, {"name": "USN-3996-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3996-1/"}, {"name": "openSUSE-SU-2019:1485", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00001.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6806", "datePublished": "2015-09-28T20:00:00", "dateReserved": "2015-09-03T00:00:00", "dateUpdated": "2024-08-06T07:29:24.823Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gnu_screen:*:*:*:*:*:*:*:*", "matchCriteriaId": "60534A4C-D7AF-49DC-871F-B61D9189125E", "versionEndIncluding": "4.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n MScrollV en ansi.c en GNU screen 4.3.1 y versiones anteriores, no limita correctamente la recursividad, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de pila) a trav\u00e9s de una secuencia de escape con un valor grande de repeat count."}], "id": "CVE-2015-6806", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-28T20:59:06.280", "references": [{"source": "cve@mitre.org", "url": "http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3352"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/09/01/1"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2015/09/03/11"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/09/03/4"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://savannah.gnu.org/bugs/?45713"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3996-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3352"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/09/01/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.openwall.com/lists/oss-security/2015/09/03/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/09/03/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://savannah.gnu.org/bugs/?45713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3996-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}