CVE-2025-46802
Public on 2025-05-13
Modified on 2025-06-02
Description
TTY Hijacking while Attaching to a Multiuser Session in the screen package
Has potential to break some reattach use cases, but the specific use case was broken already before.
screen in Debian not installed setuid or setgid
DEBIANBUG: [1105191]
Info: https://www.openwall.com/lists/oss-security/2025/05/12/1
Patch: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a
Has potential to break some reattach use cases, but the specific use case was broken already before.
screen in Debian not installed setuid or setgid
DEBIANBUG: [1105191]
Info: https://www.openwall.com/lists/oss-security/2025/05/12/1
Patch: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | screen | No Fix Planned | ||
| Amazon Linux 2 - Core | screen | 2025-06-12 | ALAS2-2025-2878 | Fixed |
| Amazon Linux 2023 | screen | 2025-06-10 | ALAS2023-2025-1006 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
| NVD | CVSSv3 | 6.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |