CVE-2020-27347

HIGH LAB

tmux <3.1c - Buffer Overflow

Title source: llm

Description

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

Exploits (1)

nomisec WRITEUP 1 stars

by lucadibello · poc

https://github.com/lucadibello/tmux-fuzzing

View Code ZIP pw:eip

References (4)

Core 4

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c

View Patch ZIP pw:eip

Exploit, Mailing List, Third Party Advisory x_refsource_misc

https://www.openwall.com/lists/oss-security/2020/11/05/3

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202011-10

Release Notes, Third Party Advisory x_refsource_confirm

https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES

Scores

CVSS v3 8.8

EPSS 0.0026

EPSS Percentile 49.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull gcr.io/oss-fuzz-base/base-builder-python:v1

docker pull gcr.io/oss-fuzz-base/base-builder

docker pull gcr.io/oss-fuzz-base/base-clang

docker pull gcr.io/oss-fuzz-base/base-image

docker pull gcr.io/oss-fuzz-base/base-runner

+3 more images

https://github.com/lucadibello/tmux-fuzzing

https://github.com/tmux/tmux

View in Library

Details

CWE

CWE-121 CWE-787

Status published

Products (1)

tmux_project/tmux 2.9 - 3.1b

Published Nov 06, 2020

Tracked Since Feb 18, 2026