tmux 3.0/3.1/3.2/3.3 window.c window_pane_set_event null pointer dereference

Summaryinfo

A vulnerability was found in tmux 3.0/3.1/3.2/3.3. It has been classified as problematic. This impacts the function window_pane_set_event of the file window.c. Performing a manipulation results in null pointer dereference. This vulnerability was named CVE-2022-47016. There is no available exploit.

Detailsinfo

A vulnerability, which was classified as problematic, was found in tmux 3.0/3.1/3.2/3.3. This affects the function window_pane_set_event of the file window.c. The manipulation with an unknown input leads to a null pointer dereference vulnerability. CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. This is going to have an impact on availability. The summary by CVE is:

A null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 allows attackers to cause denial of service or other unspecified impacts.

The weakness was presented 01/21/2023 as 3312. It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2022-47016 since 12/12/2022. Technical details of the vulnerability are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Name

• tmux

Version

• 3.0
• 3.1
• 3.2
• 3.3

Website

• Product: https://github.com/tmux/tmux/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion