CVE-2020-27347

In tmux before version 3.1c the function inputcsidispatchsgrcolon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

References

Affected packages

Git / github.com/tmux/tmux

Affected ranges

Type

GIT

Repo

https://github.com/tmux/tmux

Events

Introduced

4cb13d95bac1c7a14f216a0fd1644d8b5e389258

Last affected

25cae5d86f01d0deb050243842ed5d967b3dc411

Fixed

a868bacb46e3c900530bed47a1c6f85b0fbe701c

Database specific

{
    "versions": [
        {
            "introduced": "2.9"
        },
        {
            "last_affected": "3.1b"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27347.json"

vanir_signatures_modified

"2026-04-11T13:53:16Z"

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "input.c",
            "function": "input_csi_dispatch_sgr_colon"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "170732737008620410805361164261211254853",
            "length": 1720.0
        },
        "signature_version": "v1",
        "source": "https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c",
        "id": "CVE-2020-27347-4e35a636"
    },
    {
        "deprecated": false,
        "target": {
            "file": "input.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "240113919815530745566403619576218062793",
                "77253474740385740734274446039228610202",
                "174889705706748848756308818781097816062",
                "12643815915660841977168808069864222592",
                "125294518473082047418332633995689035105"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c",
        "id": "CVE-2020-27347-c15704b2"
    }
]