ByteOS Network

Vulnerability Details :

CVE-2023-24626

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-08 Apr, 2023 | 00:00

Updated At-09 May, 2025 | 20:03

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:08 Apr, 2023 | 00:00

Updated At:09 May, 2025 | 20:03

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://savannah.gnu.org/bugs/?63195	N/A
https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7	N/A
https://www.exploit-db.com/exploits/51252	N/A

Hyperlink: https://savannah.gnu.org/bugs/?63195

Resource: N/A

Hyperlink: https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7

Resource: N/A

Hyperlink: https://www.exploit-db.com/exploits/51252

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://savannah.gnu.org/bugs/?63195	x_transferred
https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7	x_transferred
https://www.exploit-db.com/exploits/51252	x_transferred
https://security.netapp.com/advisory/ntap-20250509-0003/	N/A

Hyperlink: https://savannah.gnu.org/bugs/?63195

Resource:

x_transferred

Hyperlink: https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7

Resource:

x_transferred

Hyperlink: https://www.exploit-db.com/exploits/51252

Resource:

x_transferred

Hyperlink: https://security.netapp.com/advisory/ntap-20250509-0003/

Resource: N/A

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-732	CWE-732 Incorrect Permission Assignment for Critical Resource

Type: CWE

CWE ID: CWE-732

Description: CWE-732 Incorrect Permission Assignment for Critical Resource

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Metrics Other Info

References

Hyperlink	Resource
https://www.exploit-db.com/exploits/51252	exploit

Hyperlink: https://www.exploit-db.com/exploits/51252

Resource:

exploit

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:08 Apr, 2023 | 05:15

Updated At:09 May, 2025 | 20:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CPE Matches

GNU

>>screen>>Versions up to 4.9.0(inclusive)

cpe:2.3:a:gnu:screen:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-732	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-732

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7	cve@mitre.org	Mailing List Patch
https://savannah.gnu.org/bugs/?63195	cve@mitre.org	Permissions Required
https://www.exploit-db.com/exploits/51252	cve@mitre.org	Third Party Advisory VDB Entry
https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch
https://savannah.gnu.org/bugs/?63195	af854a3a-2127-422b-91ae-364da2661108	Permissions Required
https://security.netapp.com/advisory/ntap-20250509-0003/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.exploit-db.com/exploits/51252	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/51252	134c704f-9b21-4f2e-91b3-4a467353bcc0	Third Party Advisory VDB Entry

Hyperlink: https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7

Source: cve@mitre.org

Resource:

Mailing List

Patch

Hyperlink: https://savannah.gnu.org/bugs/?63195

Source: cve@mitre.org

Resource:

Permissions Required

Hyperlink: https://www.exploit-db.com/exploits/51252

Source: cve@mitre.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Patch

Hyperlink: https://savannah.gnu.org/bugs/?63195

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Permissions Required

Hyperlink: https://security.netapp.com/advisory/ntap-20250509-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://www.exploit-db.com/exploits/51252

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://www.exploit-db.com/exploits/51252

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

Third Party Advisory

VDB Entry

Similar CVEs

2Records found

CVE-2019-18192

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-7.8||HIGH

EPSS-0.10% / 28.70%

7 Day CHG~0.00%

Published-17 Oct, 2019 | 19:06

Updated-05 Aug, 2024 | 01:47

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.

Vendor-n/a GNU

Product-guix n/a

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2022-2188

Matching Score-4

Assigner-Trellix

View Details

Matching Score-4

Assigner-Trellix

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.47%

7 Day CHG~0.00%

Published-07 Nov, 2022 | 11:26

Updated-08 May, 2025 | 16:02

DXL Broker privilege escalation vulnerability

Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker.

Vendor-Musarubra US LLC (Trellix)Microsoft Corporation McAfee, LLC

Product-windows data_exchange_layer DXL Broker

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2023-24626

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs