diff --git a/pkgs/tools/misc/screen/default.nix b/pkgs/tools/misc/screen/default.nix
index f9d546a30fe..5b1e7e232a0 100644
--- a/pkgs/tools/misc/screen/default.nix
+++ b/pkgs/tools/misc/screen/default.nix
@@ -1,4 +1,13 @@
-{ lib, stdenv, fetchurl, autoreconfHook, ncurses, libxcrypt, utmp, pam ? null }:
+{ lib
+, stdenv
+, fetchurl
+, fetchpatch
+, autoreconfHook
+, ncurses
+, libxcrypt
+, utmp
+, pam ? null
+}:
 
 stdenv.mkDerivation rec {
   pname = "screen";
@@ -9,6 +18,15 @@ stdenv.mkDerivation rec {
     sha256 = "1x1hqy4h47i7hk85f779lkwkm7gkq8h8mxwd0znkh5adpf0m4czr";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-24626.patch";
+      url = "https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7";
+      stripLen = 1;
+      sha256 = "sha256-NV6Uh4h9AK7kQMHqbxeuhjFEvwQH7OWdu7h8pZCGFog=";
+    })
+  ];
+
   configureFlags= [
     "--enable-telnet"
     "--enable-pam"