Bug 1652127 (CVE-2018-19387) - CVE-2018-19387 tmux: NULL Pointer Dereference in format_cb_pane_tabs in format.c
Summary: CVE-2018-19387 tmux: NULL Pointer Dereference in format_cb_pane_tabs in format.c
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-19387
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1652128 1652952
Blocks: 1652147
Reported: 2018-11-21 15:51 UTC by Laura Pardo
Modified: 2019-09-29 15:03 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:43:06 UTC



Description Laura Pardo 2018-11-21 15:51:43 UTC
A flaw was found in tmux 2.7 through 2.8. The format_cb_pane_tabs function in format.c might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure. 


References: 
https://github.com/tmux/tmux/issues/1547

Upstream Patch: 
https://github.com/openbsd/src/commit/b32e1d34e10a0da806823f57f02a4ae6e93d756e

Comment 1 Laura Pardo 2018-11-21 15:52:12 UTC
Created tmux tracking bugs for this issue:

Affects: fedora-all [bug 1652128]

Comment 2 Filipe Rosset 2018-11-21 18:01:55 UTC
Great, thanks Laura, I'll fix this issue in a few hours.

Comment 3 Filipe Rosset 2018-11-22 13:06:23 UTC
Fedora Update System 2018-11-21 21:20:52 EST
tmux-2.8-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-28b19d8c63

Fedora Update System 2018-11-21 21:20:58 EST
tmux-2.8-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b74b9ac8d1

Fedora Update System 2018-11-21 21:21:03 EST
tmux-2.8-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e5e93f4c7b

Comment 4 Stefan Cornelius 2018-11-23 16:44:45 UTC
Upstream disputes the security impact:
https://github.com/tmux/tmux/issues/1547#issuecomment-441228660

Comment 5 Stefan Cornelius 2018-11-23 16:44:54 UTC
Statement:

This issue did not affect the versions of tmux as shipped with Red Hat Enterprise Linux 7.

