Vulnerability Name:

CVE-2020-27347 (CCN-191230)

Assigned: 2020-11-05
Published: 2020-11-05
Updated: 2022-10-18
Summary: In tmux before version 3.1c, the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer overflow that can be exploited by terminal output.
CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-787
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2020-27347

Source: XF
Type: UNKNOWN
tmux-cve202027347-bo(191230)

Source: CCN
Type: tmux Git Repository
tmux

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c

Source: CONFIRM
Type: Release Notes, Third Party Advisory
https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES

Source: CCN
Type: oss-sec Mailing List, Thu, 05 Nov 2020 16:03:12 +0300
CVE-2020-27347: tmux buffer overflow in escape sequence parser

Source: GENTOO
Type: Third Party Advisory
GLSA-202011-10

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/11/05/3

Vulnerable Configuration: Configuration 1:
  • cpe:/a:tmux_project:tmux:*:*:*:*:*:*:*:* (Version >= 2.9 and <= 3.1b)

  • * Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:202027347 | V | CVE-2020-27347 | 2022-06-30
oval:org.opensuse.security:def:370 | P | tmux-3.1c-1.38 on GA media (Moderate) | 2022-06-10
oval:org.opensuse.security:def:113531 | P | tmux-3.2a-1.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:64798 | P | Security update for the Linux Kernel (Important) | 2021-11-11
oval:org.opensuse.security:def:64593 | P | Security update for strongswan (Important) | 2021-10-19
oval:org.opensuse.security:def:106927 | P | tmux-3.2a-1.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:63204 | P | freeradius-server-3.0.16-3.3.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:74659 | P | Security update for go1.16 (Moderate) | 2021-08-20
oval:org.opensuse.security:def:64554 | P | Security update for the Linux Kernel (Important) | 2021-08-17
oval:org.opensuse.security:def:63544 | P | libavcodec-devel-3.4.2-2.35 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:64691 | P | Security update for fribidi (Important) | 2021-05-19
oval:org.opensuse.security:def:64690 | P | Security update for libxml2 (Important) | 2021-05-19
oval:org.opensuse.security:def:64481 | P | Security update for giflib (Low) | 2021-04-28
oval:org.opensuse.security:def:63406 | P | apache2-mod_php7-7.4.6-1.11 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:64439 | P | Security update for python3 (Important) | 2020-12-02
oval:org.opensuse.security:def:75012 | P | Security update for ghostscript (Important) | 2020-12-01
oval:org.opensuse.security:def:25677 | P | Security update for raptor (Important) | 2020-12-01
oval:org.opensuse.security:def:64225 | P | ceph-common on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26496 | P | Security update for tmux (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65070 | P | Security update for kernel-firmware (Important) | 2020-12-01
oval:org.opensuse.security:def:25624 | P | Security update for qemu (Important) | 2020-12-01
oval:org.opensuse.security:def:63996 | P | Security update for libexif (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26461 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:64958 | P | Security update for gstreamer-plugins-base (Important) | 2020-12-01
oval:org.opensuse.security:def:25474 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:63849 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:25823 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:64900 | P | Security update for binutils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64231 | P | cracklib on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25390 | P | Security update for python3 (Important) | 2020-12-01
oval:org.opensuse.security:def:63646 | P | Security update for ghostscript (Important) | 2020-12-01
oval:org.opensuse.security:def:25779 | P | Security update for the SUSE Linux Enterprise 12 kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:64337 | P | libjavascriptcoregtk-4_0-18 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64097 | P | Security update for ucode-intel (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25333 | P | Security update for apache-commons-httpclient (Important) | 2020-12-01
oval:org.opensuse.security:def:74533 | P | Security update for libX11 (Important) | 2020-12-01
oval:org.opensuse.security:def:25765 | P | Security update for Adobe Flash Player (Important) | 2020-12-01
oval:org.opensuse.security:def:63770 | P | Security update for postgresql10 (Important) | 2020-12-01
oval:org.opensuse.security:def:25252 | P | Security update for ipmitool (Important) | 2020-12-01
oval:org.opensuse.security:def:75145 | P | Security update for tmux (Moderate) | 2020-12-01
oval:org.opensuse.security:def:110840 | P | Security update for tmux (Moderate) | 2020-11-05
oval:org.opensuse.security:def:96385 | P | Security update for tmux (Moderate) | 2020-11-05
oval:org.opensuse.security:def:100260 | P | Security update for tmux (Moderate) | 2020-11-05
oval:org.opensuse.security:def:109732 | P | Security update for tmux (Moderate) | 2020-11-05
oval:org.opensuse.security:def:103075 | P | Security update for tmux (Moderate) | 2020-11-05
oval:org.opensuse.security:def:110283 | P | Security update for tmux (Moderate) | 2020-11-05
oval:org.opensuse.security:def:93547 | P | Security update for tmux (Moderate) | 2020-11-05
    tmux_project tmux *