#VU48517 Out-of-bounds write in tmux - CVE-2020-27347

Cybersecurity Help s.r.o.

Published: 2020-11-06 | Updated: 2020-11-18

Vulnerability identifier: #VU48517

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27347

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
tmux
Client/Desktop applications / Other client software

Vendor: tmux

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

Mitigation
Install update from vendor's website.

Vulnerable software versions

tmux: 3.0a-r2 - 3.1

External links
https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c
https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES
https://security.gentoo.org/glsa/202011-10
https://www.openwall.com/lists/oss-security/2020/11/05/3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 20.03 LTS update for tmux

Gentoo update for tmux

Out-of-bounds write in tmux (Alpine package)

Out-of-bounds write in tmux