tmux: stack buffer overflow in input_csi_dispatch_sgr_colon (CVE-2020-27347)
An attacker can crash the tmux server process, or execute arbitrary code inside it, by writing a specially crafted escape sequence to a pane's pseudo-terminal. Code execution has been shown to be practical only when the tmux address space is not fully randomized, so ASLR with PIE mitigates this issue, although more complex exploits may theoretically be possible.
Fixed In Version:
tmux 3.1c
References:
- https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES
- https://www.openwall.com/lists/oss-security/2020/11/05/3
Patch:
https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c
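A host-side check for the two conditions this advisory names, the fixed release (3.1c) and a PIE build, written as an added example that is not part of the original advisory or of tmux. The function names are hypothetical, and the version check only compares against 3.1c; it does not decide whether an older release is actually affected, since the advisory gives no lower bound.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

# tmux_has_fix VERSION   (accepts "3.1c" or the `tmux -V` form "tmux 3.1c")
# Returns 0 if VERSION is 3.1c or later, 1 if earlier, 2 if undetermined.
# Development builds ("next-3.2", "master") and "-rc" builds return 2: the
# version string alone does not show whether the patch commit is included.
tmux_has_fix() {
    v=${1#tmux }
    case $v in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%[!0-9]*}
    suffix=${rest#"$minor"}
    case $major in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    case $suffix in ""|[a-z]) ;; *) return 2 ;; esac
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -gt 1 ]; }; then
        return 0
    fi
    if [ "$major" -lt 3 ] || [ "$minor" -lt 1 ]; then
        return 1
    fi
    # Exactly 3.1: the fix arrived with letter release "c".
    case $suffix in ""|a|b) return 1 ;; *) return 0 ;; esac
}

# elf_is_pie FILE
# Returns 0 if the ELF header says ET_DYN (position-independent executable),
# 1 if ET_EXEC (fixed load address, so not fully randomized), 2 otherwise.
elf_is_pie() {
    set -- $(od -An -tu1 -N18 "$1" 2>/dev/null)
    [ "$#" -eq 18 ] && [ "$1 $2 $3 $4" = "127 69 76 70" ] || return 2
    # e_type is the 16-bit field at offset 16; EI_DATA (offset 5) gives byte order.
    case $6 in
        1) etype=$(( ${17} + 256 * ${18} )) ;;
        2) etype=$(( ${18} + 256 * ${17} )) ;;
        *) return 2 ;;
    esac
    case $etype in 3) return 0 ;; 2) return 1 ;; *) return 2 ;; esac
}

# Usage: tmux_has_fix "$(tmux -V)"; elf_is_pie "$(command -v tmux)"
```

A PIE binary only helps when the kernel's address space randomization is enabled on the host, and a distribution may backport the patch without changing the version string, so a result of 1 from `tmux_has_fix` should be confirmed against the package changelog.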
Affected branches:
Edited by Leo