CVE-2020-27347

Name of the Vulnerable Software and Affected Versions tmux versions prior to 3.1c

Description The issue is related to a stack-based buffer overflow in the input csi dispatch sgr colon() function, located in the input.c file. This overflow can be exploited through terminal output, specifically by using a specially crafted escape sequence. The vulnerability can be triggered by displaying malicious content on the screen, such as when viewing a malicious webpage through curl, logging into a malicious host via SSH, or displaying log content that may contain attacker data.

Recommendations For tmux versions prior to 3.1c, update to version 3.1c or later to resolve the issue. As a temporary workaround, consider disabling the input csi dispatch sgr colon() function until a patch is available. Restrict access to the input.c file to minimize the risk of exploitation. Avoid using escape sequences in terminal output until the issue is resolved.