Sign-up

ID

VAR-202011-0763


CVE

CVE-2020-27347


TITLE

tmux  Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-013145

DESCRIPTION

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. tmux Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. ========================================================================= Ubuntu Security Notice USN-4618-1 November 05, 2020 tmux vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS Summary: tmux could be made to crash or execute arbitrary code if it received a specially crafted input. Software Description: - tmux: terminal multiplexer Details: Sergey Nizovtsev discovered that tmux incorrectly handled some inputs. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: tmux 3.1b-1ubuntu0.1 Ubuntu 20.04 LTS: tmux 3.0a-2ubuntu0.2 After a standard system update you need to restart tmux session to make all the necessary changes. References: https://usn.ubuntu.com/4618-1 CVE-2020-27347 Package Information: https://launchpad.net/ubuntu/+source/tmux/3.1b-1ubuntu0.1 https://launchpad.net/ubuntu/+source/tmux/3.0a-2ubuntu0.2 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202011-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: tmux: Buffer overflow Date: November 11, 2020 Bugs: #753206 ID: 202011-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow in tmux might allow remote attacker(s) to execute arbitrary code. Background ========= tmux is a terminal multiplexer. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-misc/tmux < 3.1c >= 3.1c Description ========== A flaw in tmux's handling of escape characters was discovered which may allow a buffer overflow. Impact ===== A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All tmux users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-misc/tmux-3.1c" References ========= [ 1 ] CVE-2020-27347 https://nvd.nist.gov/vuln/detail/CVE-2020-27347 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202011-10 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 1.89

sources: NVD: CVE-2020-27347 // JVNDB: JVNDB-2020-013145 // VULMON: CVE-2020-27347 // PACKETSTORM: 159913 // PACKETSTORM: 160013

AFFECTED PRODUCTS

vendor:tmuxmodel:tmuxscope:gteversion:2.9

Trust: 1.0

vendor:tmuxmodel:tmuxscope:lteversion:3.1b

Trust: 1.0

vendor:nicholas marriottmodel:tmuxscope:eqversion:3.1c

Trust: 0.8

vendor:nicholas marriottmodel:tmuxscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013145 // NVD: CVE-2020-27347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27347
value: HIGH

Trust: 1.0

security@ubuntu.com: CVE-2020-27347
value: HIGH

Trust: 1.0

NVD: CVE-2020-27347
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202011-563
value: HIGH

Trust: 0.6

VULMON: CVE-2020-27347
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27347
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-27347
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security@ubuntu.com: CVE-2020-27347
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-27347
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-27347 // JVNDB: JVNDB-2020-013145 // CNNVD: CNNVD-202011-563 // NVD: CVE-2020-27347 // NVD: CVE-2020-27347

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013145 // NVD: CVE-2020-27347

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-563

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202011-563

PATCH

title:Do not write after the end of the array and overwrite the stack when colon-separated SGR sequences contain empty arguments.url:https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c

Trust: 0.8

title:tmux Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134510

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2020-27347

Trust: 0.1

sources: VULMON: CVE-2020-27347 // JVNDB: JVNDB-2020-013145 // CNNVD: CNNVD-202011-563

EXTERNAL IDS

db:NVDid:CVE-2020-27347

Trust: 2.7

db:OPENWALLid:OSS-SECURITY/2020/11/05/3

Trust: 2.5

db:JVNDBid:JVNDB-2020-013145

Trust: 0.8

db:PACKETSTORMid:159913

Trust: 0.7

db:PACKETSTORMid:160013

Trust: 0.7

db:CNNVDid:CNNVD-202011-563

Trust: 0.6

db:VULMONid:CVE-2020-27347

Trust: 0.1

sources: VULMON: CVE-2020-27347 // JVNDB: JVNDB-2020-013145 // PACKETSTORM: 159913 // PACKETSTORM: 160013 // CNNVD: CNNVD-202011-563 // NVD: CVE-2020-27347

REFERENCES

url:https://www.openwall.com/lists/oss-security/2020/11/05/3

Trust: 2.5

url:https://security.gentoo.org/glsa/202011-10

Trust: 1.8

url:https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c

Trust: 1.7

url:https://raw.githubusercontent.com/tmux/tmux/3.1c/changes

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-27347

Trust: 1.6

url:https://packetstormsecurity.com/files/159913/ubuntu-security-notice-usn-4618-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/160013/gentoo-linux-security-advisory-202011-10.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2020-27347

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/oss-sec/2020/q4/100

Trust: 0.1

url:https://usn.ubuntu.com/4618-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tmux/3.0a-2ubuntu0.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tmux/3.1b-1ubuntu0.1

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULMON: CVE-2020-27347 // JVNDB: JVNDB-2020-013145 // PACKETSTORM: 159913 // PACKETSTORM: 160013 // CNNVD: CNNVD-202011-563 // NVD: CVE-2020-27347

CREDITS

Gentoo

Trust: 0.7

sources: PACKETSTORM: 160013 // CNNVD: CNNVD-202011-563

SOURCES

db:VULMONid:CVE-2020-27347
db:JVNDBid:JVNDB-2020-013145
db:PACKETSTORMid:159913
db:PACKETSTORMid:160013
db:CNNVDid:CNNVD-202011-563
db:NVDid:CVE-2020-27347

LAST UPDATE DATE

2024-11-23T23:01:12.037000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-27347date:2022-10-18T00:00:00
db:JVNDBid:JVNDB-2020-013145date:2021-06-21T05:15:00
db:CNNVDid:CNNVD-202011-563date:2020-11-18T00:00:00
db:NVDid:CVE-2020-27347date:2024-11-21T05:21:02.433

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-27347date:2020-11-06T00:00:00
db:JVNDBid:JVNDB-2020-013145date:2021-06-21T00:00:00
db:PACKETSTORMid:159913date:2020-11-05T17:01:41
db:PACKETSTORMid:160013date:2020-11-11T14:58:36
db:CNNVDid:CNNVD-202011-563date:2020-11-05T00:00:00
db:NVDid:CVE-2020-27347date:2020-11-06T03:15:17.137