tmux: Null Pointer Dereference — GLSA 202409-27

A vulnerability has been found in tmux which could result in application crash.

Affected packages

app-misc/tmux on all architectures
Affected versions < 3.4
Unaffected versions >= 3.4

Background

tmux is a terminal multiplexer.

Description

A null pointer dereference issue was discovered in function window_pane_set_event in window.c in which allows attackers to cause denial of service or other unspecified impacts.

Impact

Manipulating tmux window state could result in a null pointer dereference.

Workaround

There is no known workaround at this time.

Resolution

All tmux users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-misc/tmux-3.4"
 

References

Release date
September 28, 2024

Latest revision
September 28, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries