Bug 1893339 (CVE-2020-27347)
| Summary: | CVE-2020-27347 tmux: stack buffer overflow in input_csi_dispatch_sgr_colon | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Todd Cullum <tcullum> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dcantrell, rosset.filipe, security-response-team, strobert, sven |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | tmux 3.1c | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-03 20:21:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1894205, 1910707 | ||
| Bug Blocks: | 1893153 | ||
|
Description
Todd Cullum
2020-10-30 19:03:45 UTC
Acknowledgments: Name: Sergey Nizovtsev Created tmux tracking bugs for this issue: Affects: fedora-all [bug 1894205] Statement: tmux as shipped with Red Hat Enterprise Linux of any version is not affected because the vulnerable code exists in newer versions of tmux than those shipped. The affected version for this flaw is tmux-2.9 and greater. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27347 |