Main Vulnerability Database SB2020111080

SB2020111080 - Out-of-bounds write in tmux (Alpine package)

Published: November 10, 2020

Security Bulletin ID SB2020111080

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2020-27347)

The vulnerability allows a local authenticated user to execute arbitrary code.

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=f13745e3c976369ad8fe9f523a5f92d9fa22da82