Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-47016: A Potential Bug of NPD · Issue #3312 · tmux/tmux

A null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 and later, allows attackers to cause denial of service or other unspecified impacts.

CVE
#dos

Hi, I found a potential null pointer dereference bug in the project source code of tmux, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug

I think I do not need to provide more specific information in this bug to explain why the function bufferevent_new returns null, because some code snippets can already be seen in the current version of the code as follows

buffer = evbuffer_new();

if (buffer == NULL)

fatalx(“out of memory”);

I look forward to your reply and thank you very much for your patience!

Related news

Gentoo Linux Security Advisory 202409-27

Gentoo Linux Security Advisory 202409-27 - A vulnerability has been found in tmux which could result in application crash. Versions greater than or equal to 3.4 are affected.

Ubuntu Security Notice USN-5843-1

Ubuntu Security Notice 5843-1 - It was discovered that tmux incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907