Details of VAR-201811-0766

ID

VAR-201811-0766

CVE

CVE-2018-19387

TITLE

Tmux denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-06901

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Tmux is an open source terminal multiplexer. There is a security hole in the \342\200\230format_cb_pane_tabs\342\200\231 function of the format.c file in tmux 2.7 to 2.8. An attacker could exploit the vulnerability to cause a denial of service (null pointer reverse reference and application crash)

Trust: 1.44

sources: NVD: CVE-2018-19387 // CNVD: CNVD-2019-06901

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-06901

AFFECTED PRODUCTS

vendor:

tmux

model:

tmux

scope:

gte

version:

2.7<=2.8

Trust: 0.6

sources: CNVD: CNVD-2019-06901

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-06901
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201811-615
value:	LOW
Trust: 0.6

CNVD:	CNVD-2019-06901
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-06901 // CNNVD: CNNVD-201811-615

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201811-615

PATCH

title:	Tmux denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/155917	Trust: 0.6
title:	tmux Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86958	Trust: 0.6

sources: CNVD: CNVD-2019-06901 // CNNVD: CNNVD-201811-615

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19387	Trust: 2.2
db:	CNVD	id:	CNVD-2019-06901	Trust: 0.6
db:	CNNVD	id:	CNNVD-201811-615	Trust: 0.6

sources: CNVD: CNVD-2019-06901 // CNNVD: CNNVD-201811-615 // NVD: CVE-2018-19387

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-19387	Trust: 0.6
url:	https://github.com/openbsd/src/commit/b32e1d34e10a0da806823f57f02a4ae6e93d756e	Trust: 0.6
url:	https://github.com/tmux/tmux/issues/1547	Trust: 0.6

sources: CNVD: CNVD-2019-06901 // CNNVD: CNNVD-201811-615

SOURCES

db:	CNVD	id:	CNVD-2019-06901
db:	CNNVD	id:	CNNVD-201811-615
db:	NVD	id:	CVE-2018-19387

LAST UPDATE DATE

2024-08-14T14:32:54.288000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-06901	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201811-615	date:	2018-11-21T00:00:00
db:	NVD	id:	CVE-2018-19387	date:	2023-11-07T02:55:32.710

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-06901	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201811-615	date:	2018-11-21T00:00:00
db:	NVD	id:	CVE-2018-19387	date:	2018-11-20T21:29:01.027