Dear Screen Maintainers, I have identified two null pointer dereference 
vulnerabilities in GNU Screen 5.0.0, located in source file src/canvas.c at 
Line 765, inside function DupLayoutCv(). Test Environment Info (required by 
official bug reporting rules): Screen Version: 5.0.0 Operating System: Linux 
Compiler: GCC Vulnerability Overview: In function DupLayoutCv(), the program 
calls calloc() twice to allocate Canvas structure memory for c_slperp and 
c_slnext respectively. The returned pointer is used directly without NULL 
verification after calloc allocation. When system memory is exhausted and 
calloc returns NULL, accessing structure members via the null pointer will 
trigger program segmentation fault and crash. This flaw can be triggered 
intentionally by continuous recursive memory allocation to exhaust system RAM, 
leading to local denial-of-service attacks. Vulnerability Type: CWE-476 NULL 
Pointer Dereference Risk: Repeated triggering leads to program abnormal exit, 
bringing Slow DoS risk. A complete vulnerability analysis report and patch 
suggestion are attached. This is a private responsible disclosure. I will not 
publish any vulnerability details before you release an official fix. Please 
verify this issue. Looking forward to your reply and CVE assignment. Best 
regards, Ao Xijie

Attachment: canvas.c_Screen5.0.0_Null_Deref_Report.md
Description: Binary data



Reply via email to