Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-19387 (GCVE-0-2018-19387)
Vulnerability from cvelistv5 – Published: 2018-11-20 21:00 – Updated: 2018-11-23 14:57
VLAI?
EPSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2018-11-23T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19387",
"datePublished": "2018-11-20T21:00:00",
"dateRejected": "2018-11-23T14:57:01",
"dateReserved": "2018-11-20T00:00:00",
"dateUpdated": "2018-11-23T14:57:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none\"}]",
"id": "CVE-2018-19387",
"lastModified": "2023-11-07T02:55:32.710",
"published": "2018-11-20T21:29:01.027",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Rejected"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-19387\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-11-20T21:29:01.027\",\"lastModified\":\"2023-11-07T02:55:32.710\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none\"}],\"metrics\":{},\"references\":[]}}"
}
}
CNVD-2019-06901
Vulnerability from cnvd - Published: 2019-03-12
VLAI Severity ?
Title
tmux拒绝服务漏洞
Description
tmux是一款开源的终端多路复用器。
tmux 2.7版本至2.8版本中的format.c文件的‘format_cb_pane_tabs’函数存在安全漏洞。攻击者可利用该漏洞造成拒绝服务(空指针逆向引用和应用程序崩溃)。
Severity
中
Patch Name
tmux拒绝服务漏洞的补丁
Patch Description
tmux是一款开源的终端多路复用器。
tmux 2.7版本至2.8版本中的format.c文件的‘format_cb_pane_tabs’函数存在安全漏洞。攻击者可利用该漏洞造成拒绝服务(空指针逆向引用和应用程序崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://github.com/openbsd/src/commit/b32e1d34e10a0da806823f57f02a4ae6e93d756e
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-19387
Impacted products
| Name | tmux tmux >=2.7,<=2.8 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-19387"
}
},
"description": "tmux\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u7ec8\u7aef\u591a\u8def\u590d\u7528\u5668\u3002\n\ntmux 2.7\u7248\u672c\u81f32.8\u7248\u672c\u4e2d\u7684format.c\u6587\u4ef6\u7684\u2018format_cb_pane_tabs\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002",
"discovererName": "unKnow",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/openbsd/src/commit/b32e1d34e10a0da806823f57f02a4ae6e93d756e",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-06901",
"openTime": "2019-03-12",
"patchDescription": "tmux\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u7ec8\u7aef\u591a\u8def\u590d\u7528\u5668\u3002\r\n\r\ntmux 2.7\u7248\u672c\u81f32.8\u7248\u672c\u4e2d\u7684format.c\u6587\u4ef6\u7684\u2018format_cb_pane_tabs\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "tmux\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "tmux tmux \u003e=2.7\uff0c\u003c=2.8"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-19387",
"serverity": "\u4e2d",
"submitTime": "2018-11-21",
"title": "tmux\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
GSD-2018-19387
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-19387",
"description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"id": "GSD-2018-19387",
"references": [
"https://www.suse.com/security/cve/CVE-2018-19387.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-19387"
],
"details": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"id": "GSD-2018-19387",
"modified": "2023-12-13T01:22:38.863774Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19387",
"STATE": "REJECT"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
}
}
OPENSUSE-SU-2020:1834-1
Vulnerability from csaf_opensuse - Published: 2020-11-05 17:25 - Updated: 2020-11-05 17:25Summary
Security update for tmux
Notes
Title of the patch
Security update for tmux
Description of the patch
This update for tmux fixes the following issues:
- Update to version 3.1c
* Fix a stack overflow on colon-separated CSI parsing.
boo#1178263 CVE-2020-27347
- tmux 3.1b:
* Fix crash when allow-rename ison and an empty name is set
- tmux 3.1a:
* Do not close stdout prematurely in control mode since it is
needed to print exit messages. Prevents hanging when detaching
with iTerm2
- includes changes between 3.1-rc1 and 3.1:
* Only search the visible part of the history when marking
(highlighting) search terms. This is much faster than searching
the whole history and solves problems with large histories. The
count of matches shown is now the visible matches rather than
all matches
* Search using regular expressions in copy mode. search-forward
and search-backward use regular expressions by default; the
incremental versions do not
* Turn off mouse mode 1003 as well as the rest when exiting
* Add selection_active format for when the selection is present
but not moving with the cursor
* Fix dragging with modifier keys, so binding keys such as
C-MouseDrag1Pane and C-MouseDragEnd1Pane now work
* Add -a to list-keys to also list keys without notes with -N
* Do not jump to next word end if already on a word end when
selecting a word; fixes select-word with single character words
and vi(1) keys
* Fix top and bottom pane calculation with pane border status
enabled
- Update to v3.1-rc
* Please see the included CHANGES file
- Fix tmux completion
- Update to v3.0a
* A lot of changes since v2.9a, please see the included CHANGES
file.
- Update to v2.9a
- Fix bugs in select-pane and the main-horizontal and main-vertical layouts.
- Add trailing newline to tmpfiles.d/tmux.conf. On newer systems (such as Leap
15.1), the lack of a trailing newline appears to cause the directory to not
be created.
This is only evident on setups where /run is an actual tmpfs (on btrfs-root
installs, /run is a btrfs subvolume and thus /run/tmux is persistent across
reboots).
- Update to version 2.9
* Add format variables for the default formats in the various modes
(tree_mode_format and so on) and add a -a flag to display-message
to list variables with values.
* Add a -v flag to display-message to show verbose messages as the
format is parsed, this allows formats to be debugged
* Add support for HPA (\033[`).
* Add support for origin mode (\033[?6h).
* No longer clear history on RIS.
* Extend the #[] style syntax and use that together with previous
format changes to allow the status line to be entirely configured
with a single option.
* Add E: and T: format modifiers to expand a format twice
(useful to expand the value of an option).
* The individual -fg, -bg and -attr options have been removed; they
were superseded by -style options in tmux 1.9.
* Add -b to display-panes like run-shell.
* Handle UTF-8 in word-separators option.
* New 'terminal' colour allowing options to use the terminal default
colour rather than inheriting the default from a parent option.
* Do not move the cursor in copy mode when the mouse wheel is used.
* Use the same working directory rules for jobs as new windows rather than
always starting in the user's home.
* Allow panes to be one line or column in size.
* Go to last line when goto-line number is out of range in copy mode.
* Yank previously cut text if any with C-y in the command prompt, only use the
buffer if no text has been cut.
* Add q: format modifier to quote shell special characters.
* Add -Z to find-window.
* Support for windows larger than the client. This adds two new options,
window-size and default-size, and a new command, resize-window. The
force-width and force-height options and the session_width and session_height
formats have been removed.
- update to 2.8
- move bash-completion to right place
* Make display-panes block the client until a pane is chosen or it
times out.
* Clear history on RIS like most other terminals do.
* Add an 'Any' key to run a command if a key is pressed that is not
bound in the current key table.
* Expand formats in load-buffer and save-buffer.
* Add a rectangle_toggle format.
* Add set-hook -R to run a hook immediately.
* Add pane focus hooks.
* Allow any punctuation as separator for s/x/y not only /.
* Improve resizing with the mouse (fix resizing the wrong pane in some
layouts, and allow resizing multiple panes at the same time).
* Allow , and } to be escaped in formats as #, and #}.
* Add KRB5CCNAME to update-environment.
* Change meaning of -c to display-message so the client is used if it
matches the session given to -t.
* Fixes to : form of SGR.
* Add x and X to choose-tree to kill sessions, windows or panes.
- Add bash completion for tmux
- Update to 2.7
* Remove EVENT_* variables from environment on platforms where
tmux uses them so they do not pass on to panes.
* Fixed for hooks at server exit.
* Remove SGR 10 (was equivalent to SGR 0 but no other terminal
seems to do this).
* Expand formats in window and session names.
* Add -Z flag to choose-tree, choose-client, choose-buffer to
automatically zoom the pane when the mode is entered and unzoom
when it exits, assuming the pane is not already zoomed. This is
now part of the default key bindings.
* Add C-g to exit modes with emacs keys.
* Add exit-empty option to exit server if no sessions (default = on)
* Show if a filter is present in choose modes.
* Add pipe-pane -I to to connect stdin of the child process.
* Performance improvements for reflow.
* Use RGB terminfo(5) capability to detect RGB colour terminals
(the existing Tc extension remains unchanged).
* Support for ISO colon-separated SGR sequences.
* Add select-layout -E to spread panes out evenly (bound to E key).
* Support wide characters properly when reflowing.
* Pass PWD to new panes as a hint to shells, as well as calling
chdir().
* Performance improvements for the various choose modes.
* Only show first member of session groups in tree mode (-G flag
to choose-tree to show all).
* Support %else in config files to match %if
* Fix 'kind' terminfo(5) capability to be S-Down not S-Up.
* Add a box around the preview label in tree mode.
* Show exit status and time in the remain-on-exit pane text
* Correctly use pane-base-index in tree mode.
* Change the allow-rename option default to off.
* Support for xterm(1) title stack escape sequences
* Correctly remove padding cells to fix a UTF-8 display problem
- build from release tarball instead of source (drops automake dep)
- Bash completion is now removed and provided by
- cleanup specfile
directory with tmpfiles.d functionality in /run/tmux
Patchnames
openSUSE-2020-1834
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tmux",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tmux fixes the following issues:\n\n- Update to version 3.1c\n * Fix a stack overflow on colon-separated CSI parsing.\n boo#1178263 CVE-2020-27347\n\n- tmux 3.1b:\n * Fix crash when allow-rename ison and an empty name is set\n\n- tmux 3.1a:\n * Do not close stdout prematurely in control mode since it is\n needed to print exit messages. Prevents hanging when detaching\n with iTerm2\n- includes changes between 3.1-rc1 and 3.1:\n * Only search the visible part of the history when marking\n (highlighting) search terms. This is much faster than searching\n the whole history and solves problems with large histories. The\n count of matches shown is now the visible matches rather than\n all matches\n * Search using regular expressions in copy mode. search-forward\n and search-backward use regular expressions by default; the\n incremental versions do not\n * Turn off mouse mode 1003 as well as the rest when exiting\n * Add selection_active format for when the selection is present\n but not moving with the cursor\n * Fix dragging with modifier keys, so binding keys such as\n C-MouseDrag1Pane and C-MouseDragEnd1Pane now work\n * Add -a to list-keys to also list keys without notes with -N\n * Do not jump to next word end if already on a word end when\n selecting a word; fixes select-word with single character words\n and vi(1) keys\n * Fix top and bottom pane calculation with pane border status\n enabled\n\n- Update to v3.1-rc\n * Please see the included CHANGES file\n\n- Fix tmux completion\n\n- Update to v3.0a\n * A lot of changes since v2.9a, please see the included CHANGES\n file.\n\n- Update to v2.9a\n - Fix bugs in select-pane and the main-horizontal and main-vertical layouts.\n\n- Add trailing newline to tmpfiles.d/tmux.conf. On newer systems (such as Leap\n 15.1), the lack of a trailing newline appears to cause the directory to not\n be created.\n This is only evident on setups where /run is an actual tmpfs (on btrfs-root\n installs, /run is a btrfs subvolume and thus /run/tmux is persistent across\n reboots).\n\n- Update to version 2.9\n * Add format variables for the default formats in the various modes\n (tree_mode_format and so on) and add a -a flag to display-message\n to list variables with values.\n * Add a -v flag to display-message to show verbose messages as the\n format is parsed, this allows formats to be debugged\n * Add support for HPA (\\033[`).\n * Add support for origin mode (\\033[?6h).\n * No longer clear history on RIS.\n * Extend the #[] style syntax and use that together with previous\n format changes to allow the status line to be entirely configured\n with a single option.\n * Add E: and T: format modifiers to expand a format twice\n (useful to expand the value of an option).\n * The individual -fg, -bg and -attr options have been removed; they\n were superseded by -style options in tmux 1.9.\n * Add -b to display-panes like run-shell.\n * Handle UTF-8 in word-separators option.\n * New \u0027terminal\u0027 colour allowing options to use the terminal default\n colour rather than inheriting the default from a parent option.\n * Do not move the cursor in copy mode when the mouse wheel is used.\n * Use the same working directory rules for jobs as new windows rather than\n always starting in the user\u0027s home.\n * Allow panes to be one line or column in size.\n * Go to last line when goto-line number is out of range in copy mode.\n * Yank previously cut text if any with C-y in the command prompt, only use the\n buffer if no text has been cut.\n * Add q: format modifier to quote shell special characters.\n * Add -Z to find-window.\n * Support for windows larger than the client. This adds two new options,\n window-size and default-size, and a new command, resize-window. The\n force-width and force-height options and the session_width and session_height\n formats have been removed.\n\n\n- update to 2.8\n- move bash-completion to right place\n * Make display-panes block the client until a pane is chosen or it\n times out.\n * Clear history on RIS like most other terminals do.\n * Add an \u0027Any\u0027 key to run a command if a key is pressed that is not\n bound in the current key table.\n * Expand formats in load-buffer and save-buffer.\n * Add a rectangle_toggle format.\n * Add set-hook -R to run a hook immediately.\n * Add pane focus hooks.\n * Allow any punctuation as separator for s/x/y not only /.\n * Improve resizing with the mouse (fix resizing the wrong pane in some\n layouts, and allow resizing multiple panes at the same time).\n * Allow , and } to be escaped in formats as #, and #}.\n * Add KRB5CCNAME to update-environment.\n * Change meaning of -c to display-message so the client is used if it\n matches the session given to -t.\n * Fixes to : form of SGR.\n * Add x and X to choose-tree to kill sessions, windows or panes.\n\n- Add bash completion for tmux\n\n- Update to 2.7\n * Remove EVENT_* variables from environment on platforms where\n tmux uses them so they do not pass on to panes.\n * Fixed for hooks at server exit.\n * Remove SGR 10 (was equivalent to SGR 0 but no other terminal\n seems to do this).\n * Expand formats in window and session names.\n * Add -Z flag to choose-tree, choose-client, choose-buffer to\n automatically zoom the pane when the mode is entered and unzoom\n when it exits, assuming the pane is not already zoomed. This is\n now part of the default key bindings.\n * Add C-g to exit modes with emacs keys.\n * Add exit-empty option to exit server if no sessions (default = on)\n * Show if a filter is present in choose modes.\n * Add pipe-pane -I to to connect stdin of the child process.\n * Performance improvements for reflow.\n * Use RGB terminfo(5) capability to detect RGB colour terminals\n (the existing Tc extension remains unchanged).\n * Support for ISO colon-separated SGR sequences.\n * Add select-layout -E to spread panes out evenly (bound to E key).\n * Support wide characters properly when reflowing.\n * Pass PWD to new panes as a hint to shells, as well as calling\n chdir().\n * Performance improvements for the various choose modes.\n * Only show first member of session groups in tree mode (-G flag\n to choose-tree to show all).\n * Support %else in config files to match %if\n * Fix \u0027kind\u0027 terminfo(5) capability to be S-Down not S-Up.\n * Add a box around the preview label in tree mode.\n * Show exit status and time in the remain-on-exit pane text\n * Correctly use pane-base-index in tree mode.\n * Change the allow-rename option default to off.\n * Support for xterm(1) title stack escape sequences\n * Correctly remove padding cells to fix a UTF-8 display problem\n- build from release tarball instead of source (drops automake dep)\n\n- Bash completion is now removed and provided by\n- cleanup specfile\n directory with tmpfiles.d functionality in /run/tmux\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1834",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1834-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1834-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TARFSZEK7MJQGUKVM5RMUTKCCE3JJLUK/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1834-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TARFSZEK7MJQGUKVM5RMUTKCCE3JJLUK/"
},
{
"category": "self",
"summary": "SUSE Bug 1037468",
"url": "https://bugzilla.suse.com/1037468"
},
{
"category": "self",
"summary": "SUSE Bug 1116887",
"url": "https://bugzilla.suse.com/1116887"
},
{
"category": "self",
"summary": "SUSE Bug 1120170",
"url": "https://bugzilla.suse.com/1120170"
},
{
"category": "self",
"summary": "SUSE Bug 1178263",
"url": "https://bugzilla.suse.com/1178263"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19387 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27347 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27347/"
}
],
"title": "Security update for tmux",
"tracking": {
"current_release_date": "2020-11-05T17:25:17Z",
"generator": {
"date": "2020-11-05T17:25:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1834-1",
"initial_release_date": "2020-11-05T17:25:17Z",
"revision_history": [
{
"date": "2020-11-05T17:25:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tmux-3.1c-bp152.2.3.1.aarch64",
"product": {
"name": "tmux-3.1c-bp152.2.3.1.aarch64",
"product_id": "tmux-3.1c-bp152.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tmux-3.1c-bp152.2.3.1.ppc64le",
"product": {
"name": "tmux-3.1c-bp152.2.3.1.ppc64le",
"product_id": "tmux-3.1c-bp152.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tmux-3.1c-bp152.2.3.1.s390x",
"product": {
"name": "tmux-3.1c-bp152.2.3.1.s390x",
"product_id": "tmux-3.1c-bp152.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tmux-3.1c-bp152.2.3.1.x86_64",
"product": {
"name": "tmux-3.1c-bp152.2.3.1.x86_64",
"product_id": "tmux-3.1c-bp152.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP2",
"product": {
"name": "SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.aarch64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.ppc64le"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.s390x"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.x86_64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.aarch64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.ppc64le"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.s390x"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.x86_64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.aarch64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.aarch64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.ppc64le as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.ppc64le"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.s390x as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.s390x"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.x86_64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.x86_64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.aarch64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.ppc64le"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.s390x"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.x86_64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.aarch64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.aarch64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.ppc64le as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.ppc64le"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.s390x as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.s390x"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.1c-bp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.x86_64"
},
"product_reference": "tmux-3.1c-bp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19387"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19387",
"url": "https://www.suse.com/security/cve/CVE-2018-19387"
},
{
"category": "external",
"summary": "SUSE Bug 1116887 for CVE-2018-19387",
"url": "https://bugzilla.suse.com/1116887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T17:25:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-19387"
},
{
"cve": "CVE-2020-27347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27347"
}
],
"notes": [
{
"category": "general",
"text": "In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27347",
"url": "https://www.suse.com/security/cve/CVE-2020-27347"
},
{
"category": "external",
"summary": "SUSE Bug 1178263 for CVE-2020-27347",
"url": "https://bugzilla.suse.com/1178263"
},
{
"category": "external",
"summary": "SUSE Bug 1178316 for CVE-2020-27347",
"url": "https://bugzilla.suse.com/1178316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 12:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP1:tmux-3.1c-bp152.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.s390x",
"SUSE Package Hub 15 SP2:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.1:tmux-3.1c-bp152.2.3.1.x86_64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.aarch64",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.ppc64le",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.s390x",
"openSUSE Leap 15.2:tmux-3.1c-bp152.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T17:25:17Z",
"details": "important"
}
],
"title": "CVE-2020-27347"
}
]
}
OPENSUSE-SU-2024:11466-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
tmux-3.2a-1.2 on GA media
Notes
Title of the patch
tmux-3.2a-1.2 on GA media
Description of the patch
These are all security issues fixed in the tmux-3.2a-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11466
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tmux-3.2a-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tmux-3.2a-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11466",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11466-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19387 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27347 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27347/"
}
],
"title": "tmux-3.2a-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11466-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tmux-3.2a-1.2.aarch64",
"product": {
"name": "tmux-3.2a-1.2.aarch64",
"product_id": "tmux-3.2a-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tmux-3.2a-1.2.ppc64le",
"product": {
"name": "tmux-3.2a-1.2.ppc64le",
"product_id": "tmux-3.2a-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tmux-3.2a-1.2.s390x",
"product": {
"name": "tmux-3.2a-1.2.s390x",
"product_id": "tmux-3.2a-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tmux-3.2a-1.2.x86_64",
"product": {
"name": "tmux-3.2a-1.2.x86_64",
"product_id": "tmux-3.2a-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.2a-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tmux-3.2a-1.2.aarch64"
},
"product_reference": "tmux-3.2a-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.2a-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tmux-3.2a-1.2.ppc64le"
},
"product_reference": "tmux-3.2a-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.2a-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tmux-3.2a-1.2.s390x"
},
"product_reference": "tmux-3.2a-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tmux-3.2a-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tmux-3.2a-1.2.x86_64"
},
"product_reference": "tmux-3.2a-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19387"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tmux-3.2a-1.2.aarch64",
"openSUSE Tumbleweed:tmux-3.2a-1.2.ppc64le",
"openSUSE Tumbleweed:tmux-3.2a-1.2.s390x",
"openSUSE Tumbleweed:tmux-3.2a-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19387",
"url": "https://www.suse.com/security/cve/CVE-2018-19387"
},
{
"category": "external",
"summary": "SUSE Bug 1116887 for CVE-2018-19387",
"url": "https://bugzilla.suse.com/1116887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tmux-3.2a-1.2.aarch64",
"openSUSE Tumbleweed:tmux-3.2a-1.2.ppc64le",
"openSUSE Tumbleweed:tmux-3.2a-1.2.s390x",
"openSUSE Tumbleweed:tmux-3.2a-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-19387"
},
{
"cve": "CVE-2020-27347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27347"
}
],
"notes": [
{
"category": "general",
"text": "In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tmux-3.2a-1.2.aarch64",
"openSUSE Tumbleweed:tmux-3.2a-1.2.ppc64le",
"openSUSE Tumbleweed:tmux-3.2a-1.2.s390x",
"openSUSE Tumbleweed:tmux-3.2a-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27347",
"url": "https://www.suse.com/security/cve/CVE-2020-27347"
},
{
"category": "external",
"summary": "SUSE Bug 1178263 for CVE-2020-27347",
"url": "https://bugzilla.suse.com/1178263"
},
{
"category": "external",
"summary": "SUSE Bug 1178316 for CVE-2020-27347",
"url": "https://bugzilla.suse.com/1178316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tmux-3.2a-1.2.aarch64",
"openSUSE Tumbleweed:tmux-3.2a-1.2.ppc64le",
"openSUSE Tumbleweed:tmux-3.2a-1.2.s390x",
"openSUSE Tumbleweed:tmux-3.2a-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tmux-3.2a-1.2.aarch64",
"openSUSE Tumbleweed:tmux-3.2a-1.2.ppc64le",
"openSUSE Tumbleweed:tmux-3.2a-1.2.s390x",
"openSUSE Tumbleweed:tmux-3.2a-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-27347"
}
]
}
FKIE_CVE-2018-19387
Vulnerability from fkie_nvd - Published: 2018-11-20 21:29 - Updated: 2023-11-07 02:55
Severity ?
Summary
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none"
}
],
"id": "CVE-2018-19387",
"lastModified": "2023-11-07T02:55:32.710",
"metrics": {},
"published": "2018-11-20T21:29:01.027",
"references": [],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Rejected"
}
VAR-201811-0766
Vulnerability from variot - Updated: 2023-12-18 13:08Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Tmux is an open source terminal multiplexer. There is a security hole in the \342\200\230format_cb_pane_tabs\342\200\231 function of the format.c file in tmux 2.7 to 2.8. An attacker could exploit the vulnerability to cause a denial of service (null pointer reverse reference and application crash)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0766",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tmux",
"scope": "gte",
"trust": 0.6,
"vendor": "tmux",
"version": "2.7\u003c=2.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06901"
}
]
},
"cve": "CVE-2018-19387",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06901",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2019-06901",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-615",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06901"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-615"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Tmux is an open source terminal multiplexer. There is a security hole in the \\342\\200\\230format_cb_pane_tabs\\342\\200\\231 function of the format.c file in tmux 2.7 to 2.8. An attacker could exploit the vulnerability to cause a denial of service (null pointer reverse reference and application crash)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19387"
},
{
"db": "CNVD",
"id": "CNVD-2019-06901"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19387",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2019-06901",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-615",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06901"
},
{
"db": "NVD",
"id": "CVE-2018-19387"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-615"
}
]
},
"id": "VAR-201811-0766",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06901"
}
],
"trust": 1.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06901"
}
]
},
"last_update_date": "2023-12-18T13:08:15.466000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tmux denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/155917"
},
{
"title": "tmux Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86958"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06901"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-615"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19387"
},
{
"trust": 0.6,
"url": "https://github.com/openbsd/src/commit/b32e1d34e10a0da806823f57f02a4ae6e93d756e"
},
{
"trust": 0.6,
"url": "https://github.com/tmux/tmux/issues/1547"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06901"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-615"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-06901"
},
{
"db": "NVD",
"id": "CVE-2018-19387"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-615"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06901"
},
{
"date": "2018-11-20T21:29:01.027000",
"db": "NVD",
"id": "CVE-2018-19387"
},
{
"date": "2018-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-615"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06901"
},
{
"date": "2023-11-07T02:55:32.710000",
"db": "NVD",
"id": "CVE-2018-19387"
},
{
"date": "2018-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-615"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tmux denial of service vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06901"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-615"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…