Skip to main content

Debian CVE-2026-4751

| EUVDEUVD-2026-14768 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-24 GovTech CSG GHSA-9g3x-ch5w-33ch
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 24, 2026 - 06:15 euvd
EUVD-2026-14768
Analysis Generated
Mar 24, 2026 - 06:15 vuln.today
Patch released
Mar 24, 2026 - 06:15 nvd
Patch available
CVE Published
Mar 24, 2026 - 05:37 nvd
MEDIUM 5.3

DescriptionCVE.org

NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.

AnalysisAI

A NULL pointer dereference vulnerability exists in tmate versions prior to 2.4.0, allowing unauthenticated remote attackers to cause a denial of service condition by crashing the application. The vulnerability has a CVSS score of 5.3 (medium severity) with low attack complexity and no privilege requirements, making it readily exploitable over the network. A patch is available from the vendor, and this issue does not compromise confidentiality or integrity-only availability.

Technical ContextAI

tmate is a terminal multiplexer and session sharing tool (CPE: cpe:2.3:a:tmate-io:tmate:*:*:*:*:*:*:*:*) that enables remote terminal access and collaboration. The vulnerability is classified as CWE-476 (NULL Pointer Dereference), a memory safety flaw where the application attempts to dereference a pointer that has not been properly initialized or validated. This occurs when tmate processes certain network inputs without adequate null-checks, likely in socket handling or session management code paths. The network-accessible nature (AV:N) and low attack complexity (AC:L) indicate the flaw is triggered by standard network input without requiring special conditions or authentication (PR:N).

RemediationAI

Upgrade tmate to version 2.4.0 or later, which includes the NULL pointer dereference fix. Users can obtain the patched version from the official tmate GitHub repository (https://github.com/tmate-io/tmate) or through their distribution's package manager if available. For environments where immediate patching is not feasible, restrict network access to tmate services using firewall rules or network segmentation to limit exposure to trusted internal hosts only. Additionally, monitor process stability and implement automated restart mechanisms to minimize downtime from potential crashes pending patch deployment.

Vendor StatusVendor

Debian

tmate
Release Status Fixed Version Urgency
bookworm, bullseye vulnerable 2.4.0-2 -
forky, sid, trixie vulnerable 2.4.0-3 -
(unstable) fixed (unfixed) -

SUSE

Severity: Medium

Share

CVE-2026-4751 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy