Dear Screen Maintainers, I have identified two null pointer dereference vulnerabilities in GNU Screen 5.0.0, located in source file src/canvas.c at Line 765, inside function DupLayoutCv(). Test Environment Info (required by official bug reporting rules): Screen Version: 5.0.0 Operating System: Linux Compiler: GCC Vulnerability Overview: In function DupLayoutCv(), the program calls calloc() twice to allocate Canvas structure memory for c_slperp and c_slnext respectively. The returned pointer is used directly without NULL verification after calloc allocation. When system memory is exhausted and calloc returns NULL, accessing structure members via the null pointer will trigger program segmentation fault and crash. This flaw can be triggered intentionally by continuous recursive memory allocation to exhaust system RAM, leading to local denial-of-service attacks. Vulnerability Type: CWE-476 NULL Pointer Dereference Risk: Repeated triggering leads to program abnormal exit, bringing Slow DoS risk. A complete vulnerability analysis report and patch suggestion are attached. This is a private responsible disclosure. I will not publish any vulnerability details before you release an official fix. Please verify this issue. Looking forward to your reply and CVE assignment. Best regards, Ao Xijie
canvas.c_Screen5.0.0_Null_Deref_Report.md
Description: Binary data
