{"id":"CVE-2020-27347","details":"In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.","modified":"2026-02-02T03:23:32.320525Z","published":"2020-11-06T03:15:17.137Z","related":["openSUSE-SU-2020:1834-1","openSUSE-SU-2024:11466-1"],"references":[{"type":"ADVISORY","url":"https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c"},{"type":"ADVISORY","url":"https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202011-10"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2020/11/05/3"},{"type":"FIX","url":"https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2020/11/05/3"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2020/11/05/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tmux/tmux","events":[{"introduced":"0"},{"fixed":"a868bacb46e3c900530bed47a1c6f85b0fbe701c"}]}],"database_specific":{"vanir_signatures":[{"target":{"function":"input_csi_dispatch_sgr_colon","file":"input.c"},"id":"CVE-2020-27347-4e35a636","digest":{"function_hash":"170732737008620410805361164261211254853","length":1720},"source":"https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"target":{"file":"input.c"},"id":"CVE-2020-27347-c15704b2","digest":{"threshold":0.9,"line_hashes":["240113919815530745566403619576218062793","77253474740385740734274446039228610202","174889705706748848756308818781097816062","12643815915660841977168808069864222592","125294518473082047418332633995689035105"]},"source":"https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c","signature_version":"v1","deprecated":false,"signature_type":"Line"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27347.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}