Your submission was sent successfully! Close

CVE-2020-27347

Published: 4 November 2020

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

Priority

Medium

CVSS 3 base score: 8.5

Status

Package Release Status
tmux
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(code not present)
focal
Released (3.0a-2ubuntu0.2)
groovy
Released (3.1b-1ubuntu0.1)
precise Not vulnerable

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)

Notes

AuthorNote
amurray 
Affects tmux versions >= 2.9

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading