tmux: stack buffer overflow in input_csi_dispatch_sgr_colon (CVE-2020-27347)
An attacker can crash the tmux server process, or execute arbitrary code inside it, by writing a special escape sequence to a pane's pseudo-terminal. Code execution has been proved practical only when the tmux address space isn't fully randomized, so ASLR with PIE mitigates this issue, although more complex exploits may theoretically be created.
Fixed In Version:
tmux 3.1c
References:
- https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES
- https://www.openwall.com/lists/oss-security/2020/11/05/3
Patch:
https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c
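
A local check for the two conditions named above, the fixed release (3.1c) and ASLR with PIE, as an added example that is not part of the advisory or the tmux project. It assumes Linux with readelf installed; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory or the tmux project). Linux assumed.

# version_status "<tmux -V output>": 0 = 3.1c or later, 1 = older, 2 = cannot tell.
version_status() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^tmux \([0-9][0-9]*\)\.\([0-9][0-9]*\)\([a-z]\{0,1\}\)$/\1 \2 \3/p')
    # Strings such as "next-3.2", "3.1-rc" or "master" carry no comparable
    # release number, so they are reported as unknown rather than guessed.
    [ -n "$v" ] || return 2
    set -- $v                      # $1 = major, $2 = minor, $3 = patch letter
    if [ "$1" -ne 3 ]; then [ "$1" -gt 3 ]; return; fi
    if [ "$2" -ne 1 ]; then [ "$2" -gt 1 ]; return; fi
    # Same major.minor as the fix: order is "" < a < b < c.
    case ${3:-} in ''|a|b) return 1 ;; *) return 0 ;; esac
}

# hardening_status "<ELF type from readelf -h>" "<randomize_va_space value>":
# 0 only when the binary is PIE (ELF type DYN) and ASLR is fully enabled (2).
hardening_status() {
    case $1 in DYN*) ;; *) return 1 ;; esac
    [ "$2" = 2 ]
}

# verdict "<tmux -V output>" "<ELF type>" "<randomize_va_space value>"
verdict() {
    rc=0
    version_status "$1" || rc=$?
    case $rc in
        0) echo fixed; return ;;
        2) state=unknown-version ;;
        *) state=vulnerable ;;
    esac
    if hardening_status "$2" "$3"; then echo "$state,aslr+pie"
    else echo "$state,no-full-aslr"; fi
}

# Live check of the local installation: sh thisfile --check
if [ "${1:-}" = "--check" ]; then
    bin=$(command -v tmux) || { echo "tmux not installed"; exit 0; }
    elf_type=$(readelf -h "$bin" | awk '/Type:/ {print $2}')
    verdict "$(tmux -V)" "$elf_type" "$(cat /proc/sys/kernel/randomize_va_space)"
fi
```

A tmux server started before an upgrade keeps running the old code until it is restarted, so a "fixed" result for the installed binary does not cover sessions that are already running.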