CVE-2020-27347

In tmux before version 3.1c the function inputcsidispatchsgrcolon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

References

Affected packages

Git / github.com/tmux/tmux

Affected ranges

Type: GIT
Repo: https://github.com/tmux/tmux
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a868bacb46e3c900530bed47a1c6f85b0fbe701c

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27347.json"

vanir_signatures

[
    {
        "id": "CVE-2020-27347-4e35a636",
        "source": "https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c",
        "target": {
            "file": "input.c",
            "function": "input_csi_dispatch_sgr_colon"
        },
        "digest": {
            "function_hash": "170732737008620410805361164261211254853",
            "length": 1720.0
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "id": "CVE-2020-27347-c15704b2",
        "source": "https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c",
        "target": {
            "file": "input.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "240113919815530745566403619576218062793",
                "77253474740385740734274446039228610202",
                "174889705706748848756308818781097816062",
                "12643815915660841977168808069864222592",
                "125294518473082047418332633995689035105"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    }
]