EUVD-2026-14768
GHSA-9g3x-ch5w-33ch
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionNVD
NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.
AnalysisAI
A NULL pointer dereference vulnerability exists in tmate versions prior to 2.4.0, allowing unauthenticated remote attackers to cause a denial of service condition by crashing the application. The vulnerability has a CVSS score of 5.3 (medium severity) with low attack complexity and no privilege requirements, making it readily exploitable over the network. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.
Sign in for detailed remediation steps.
More from same product – last 7 days
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH
pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin
In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbd_vfs_kern_path_end_removing() on s
Vendor StatusVendor
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm, bullseye | vulnerable | 2.4.0-2 | - |
| forky, sid, trixie | vulnerable | 2.4.0-3 | - |
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today