Red Hat Bugzilla – Bug 1258802
CVE-2015-6806 screen: Stack overflow due to deep recursion causing process freeze
Last modified: 2016-11-08 10:50:45 EST
A vulnerability was found in screen causing a stack overflow, which results in crashing the screen server process. After running a malicious command inside screen, it will recursively call MScrollV to depth n/256. This is time-consuming and will overflow the stack if 'n' is huge.
Upstream report (contains reproducer):
Created screen tracking bugs for this issue:
Affects: fedora-all [bug 1258806]
Shall I fix the screen bug or close it as WONTFIX too?
Why is this bug closed as WONTFIX?
(In reply to Petr Hracek from comment #3)
> Shall I fix the screen bug or close it as WONTFIX too?
> Why is this bug closed as WONTFIX?
This issue is not planned to be fixed in RHEL due to Low security impact.
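As an added illustration (not screen's source and not part of this bug report), the C model below mirrors the recursion pattern the description attributes to MScrollV, where every 256 lines of n costs another stack frame, next to a bounded iterative form. The function names, the 24-row region and the clamp to the region height are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define CHUNK 256  /* lines handled per call, per the report's n/256 */
#define ROWS  24   /* constructed scroll-region height (assumption) */
static int max_depth;  /* deepest recursion level seen */

/* Shift the region up by k rows, blank-filling (0) at the bottom. */
static void scroll_chunk(int *rows, int h, int k) {
    if (k <= 0) return;
    if (k > h) k = h;
    memmove(rows, rows + k, (size_t)(h - k) * sizeof *rows);
    memset(rows + (h - k), 0, (size_t)k * sizeof *rows);
}

/* Modelled pattern: one more stack frame for every 256 lines of n. */
static void scroll_recursive(int *rows, int h, long n, int depth) {
    if (depth > max_depth) max_depth = depth;
    if (n > CHUNK) {
        scroll_recursive(rows, h, n - CHUNK, depth + 1);
        n = CHUNK;
    }
    scroll_chunk(rows, h, (int)n);
}

/* Bounded form: clamp n to the region height, then loop. Returns passes. */
static long scroll_bounded(int *rows, int h, long n) {
    long passes = 0;
    if (n > h) n = h;  /* scrolling further only re-blanks the region */
    for (; n > 0; passes++) {
        int k = n > CHUNK ? CHUNK : (int)n;
        scroll_chunk(rows, h, k);
        n -= k;
    }
    return passes;
}

/* Run both on one constructed region: depth reached, or -1 on mismatch. */
static int compare(long n, long *passes) {
    int a[ROWS], b[ROWS];
    for (int i = 0; i < ROWS; i++) a[i] = b[i] = i + 1;
    max_depth = 0;
    scroll_recursive(a, ROWS, n, 1);
    *passes = scroll_bounded(b, ROWS, n);
    return memcmp(a, b, sizeof a) == 0 ? max_depth : -1;
}

int main(void) {
    long p; int d = compare(1000000L, &p);
    printf("depth=%d passes=%ld\n", d, p);
    return 0;
}
```

Both forms leave the region in the same state; only the recursive one has stack use that grows with the requested count.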