In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.
References
Link | Resource |
---|---|
https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c | Patch Third Party Advisory |
https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES | Release Notes Third Party Advisory |
https://security.gentoo.org/glsa/202011-10 | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2020/11/05/3 | Exploit Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2020-11-04T00:00:00
Updated: 2020-11-17T18:32:44
Reserved: 2020-10-20T00:00:00
Link: CVE-2020-27347
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-06T03:15:17.137
Modified: 2022-10-18T20:05:59.390
Link: CVE-2020-27347
JSON object: View
Redhat Information
No data.