Vulnerabilities > CVE-2020-27347 - Out-of-bounds Write vulnerability in Tmux Project Tmux
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Common Weakness Enumeration (CWE)
References
- https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c
- https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c
- https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES
- https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES
- https://security.gentoo.org/glsa/202011-10
- https://security.gentoo.org/glsa/202011-10
- https://www.openwall.com/lists/oss-security/2020/11/05/3
- https://www.openwall.com/lists/oss-security/2020/11/05/3