Main Vulnerability Database SB2020123023

SB2020123023 - openEuler 20.03 LTS update for tmux

Published: December 30, 2020

Security Bulletin ID SB2020123023

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2020-27347)

The vulnerability allows a local authenticated user to execute arbitrary code.

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1119

SB2020123023 - openEuler 20.03 LTS update for tmux

Breakdown by Severity

Description

Remediation

References

Please verify you're human