CVE-2023-24626: 
NixOS vulnerability analysis and mitigation

GNU Screen through version 4.9.0, when installed with setuid or setgid privileges (which is the default configuration on platforms like Arch Linux and FreeBSD), contains a security vulnerability identified as CVE-2023-24626. The vulnerability was discovered in the socket.c component and was publicly disclosed on April 8, 2023. This security flaw allows local users to send privileged SIGHUP signals to any Process ID (PID) (NVD).

The vulnerability stems from improper permission checking in the socket.c component before sending signals to target processes. The issue has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. The vulnerability is specifically related to a missing signal sending permission check on failed query messages, as evidenced by the patch that was later implemented (GNU Patch).

When exploited, this vulnerability can cause a denial of service (DoS) or disruption of target processes. The impact is particularly significant because it allows local users to send privileged SIGHUP signals to any process ID, potentially disrupting critical system operations (NVD).

The issue has been addressed through system updates across various platforms. Ubuntu has released security updates for multiple versions: Ubuntu 18.04 (screen - 4.6.2-1ubuntu1.1+esm1), Ubuntu 16.04 (screen - 4.3.1-2ubuntu0.1+esm1), and Ubuntu 14.04 (screen - 4.1.0~20120320gitdb59704-9ubuntu0.1~esm3). Users are advised to update their systems to the patched versions (Ubuntu Security).