Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.
AnalysisAI
A NULL pointer dereference vulnerability exists in tmate versions prior to 2.4.0, allowing unauthenticated remote attackers to cause a denial of service condition by crashing the application. The vulnerability has a CVSS score of 5.3 (medium severity) with low attack complexity and no privilege requirements, making it readily exploitable over the network. A patch is available from the vendor, and this issue does not compromise confidentiality or integrity-only availability.
Technical ContextAI
tmate is a terminal multiplexer and session sharing tool (CPE: cpe:2.3:a:tmate-io:tmate:*:*:*:*:*:*:*:*) that enables remote terminal access and collaboration. The vulnerability is classified as CWE-476 (NULL Pointer Dereference), a memory safety flaw where the application attempts to dereference a pointer that has not been properly initialized or validated. This occurs when tmate processes certain network inputs without adequate null-checks, likely in socket handling or session management code paths. The network-accessible nature (AV:N) and low attack complexity (AC:L) indicate the flaw is triggered by standard network input without requiring special conditions or authentication (PR:N).
RemediationAI
Upgrade tmate to version 2.4.0 or later, which includes the NULL pointer dereference fix. Users can obtain the patched version from the official tmate GitHub repository (https://github.com/tmate-io/tmate) or through their distribution's package manager if available. For environments where immediate patching is not feasible, restrict network access to tmate services using firewall rules or network segmentation to limit exposure to trusted internal hosts only. Additionally, monitor process stability and implement automated restart mechanisms to minimize downtime from potential crashes pending patch deployment.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allVendor StatusVendor
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm, bullseye | vulnerable | 2.4.0-2 | - |
| forky, sid, trixie | vulnerable | 2.4.0-3 | - |
| (unstable) | fixed | (unfixed) | - |
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14768
GHSA-9g3x-ch5w-33ch