CVE-2020-27347

Name
CVE-2020-27347
Description
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c
Exploit https://www.openwall.com/lists/oss-security/2020/11/05/3
Third Party Advisory https://security.gentoo.org/glsa/202011-10
CONFIRM https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:tmux_project:tmux:*:*:*:*:*:*:*:* tmux >= 2.9 <= 3.1b

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
tmux 3.13-main 3.1c-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
tmux 3.12-main 3.1c-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
tmux 3.11-main 3.0a-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
tmux 3.10-main 2.9a-r2 Natanael Copa <ncopa@alpinelinux.org> fixed