Headline
CVE-2022-47016: A Potential Bug of NPD · Issue #3312 · tmux/tmux
A null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 and later, allows attackers to cause denial of service or other unspecified impacts.
Hi, I found a potential null pointer dereference bug in the project source code of tmux, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug
I think I do not need to provide more specific information in this bug to explain why the function bufferevent_new returns null, because some code snippets can already be seen in the current version of the code as follows
buffer = evbuffer_new();
if (buffer == NULL)
fatalx(“out of memory”);
I look forward to your reply and thank you very much for your patience!
Related news
Gentoo Linux Security Advisory 202409-27 - A vulnerability has been found in tmux which could result in application crash. Versions greater than or equal to 3.4 are affected.
Ubuntu Security Notice 5843-1 - It was discovered that tmux incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.