Hi Salvatore,

On Thu, Nov 22, 2018 at 9:53 PM Salvatore Bonaccorso <[email protected]> wrote:
> The "attack" scenario described as follows, that an attacker can cause
> a denial of service (tmux crash) by "by arranging for a malloc
> failure" triggering the issue in format_cb_pane_tabs in format.c
>
> Does this helps?

Not really, because the proposed fix just calls fatal() on allocation
failure so tmux will crash anyway. Someone must have thought that the
failure was exploitable in some way, and it's not clear to me which.

Thanks anyway!

Reply via email to