CVE-2020-27347

HIGH LAB

tmux 2.9-3.1b - Stack-based Buffer Overflow in input_csi_dispatch_sgr_colon

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27347. PoCs published by lucadibello.

AI-analyzed exploit summary This repository contains a detailed writeup and fuzzing analysis for tmux, including a PoC for CVE-2020-27347. It focuses on enhancing fuzzing techniques and analyzing a known stack-based buffer overflow vulnerability.

Description

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

Exploits (1)

nomisec WRITEUP 1 stars
by lucadibello · poc
https://github.com/lucadibello/tmux-fuzzing

This repository contains a detailed writeup and fuzzing analysis for tmux, including a PoC for CVE-2020-27347. It focuses on enhancing fuzzing techniques and analyzing a known stack-based buffer overflow vulnerability.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: tmux (version not specified)
No auth needed
Prerequisites: tmux installation · Docker environment for PoC execution
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2020/11/05/3
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202011-10
Release Notes, Third Party Advisory x_refsource_confirm
https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES

Scores

CVSS v3 8.8
EPSS 0.0068
EPSS Percentile 47.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull gcr.io/oss-fuzz-base/base-builder-python:v1
docker pull gcr.io/oss-fuzz-base/base-builder
docker pull gcr.io/oss-fuzz-base/base-clang
docker pull gcr.io/oss-fuzz-base/base-image
docker pull gcr.io/oss-fuzz-base/base-runner
+3 more images

Details

CWE
CWE-121 CWE-787
Status published
Products (1)
tmux_project/tmux 2.9 - 3.1b
Published Nov 06, 2020
Tracked Since Feb 18, 2026