CVE-2022-47016

NameCVE-2022-47016
DescriptionA null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 and later, allows attackers to cause denial of service or other unspecified impacts.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tmux (PTS)buster2.8-3vulnerable
buster (security)2.8-3+deb10u1vulnerable
bullseye3.1c-1+deb11u1vulnerable
bookworm, sid3.3a-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tmuxsource(unstable)(unfixed)unimportant

Notes

https://github.com/tmux/tmux/issues/3312
https://github.com/tmux/tmux/issues/3447
https://github.com/tmux/tmux/commit/e86752820993a00e3d28350cbe46878ba95d9012
Negligible security impact
Search for package or bug name: Reporting problems