Your submission was sent successfully! Close

CVE-2020-27347

Published: 4 November 2020

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

Notes

AuthorNote
amurray
Affects tmux versions >= 2.9
Priority

Medium

CVSS 3 base score: 8.5

Status

Package Release Status
tmux
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (3.0a-2ubuntu0.2)
groovy
Released (3.1b-1ubuntu0.1)
precise Not vulnerable

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c