| Name | CVE-2023-45925 |
| Description | GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails). |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| mc (PTS) | jessie | 3:4.8.13-3 | vulnerable |
| stretch | 3:4.8.18-1 | vulnerable |
| buster | 3:4.8.22-1 | vulnerable |
| bullseye | 3:4.8.26-1.1 | vulnerable |
| bookworm | 3:4.8.29-2 | vulnerable |
| trixie | 3:4.8.30-1 | vulnerable |
| sid | 3:4.8.31-1 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| mc | source | (unstable) | (unfixed) | unimportant | | |
Notes
https://midnight-commander.org/ticket/4484
Negligible security impact, crash in CLI tool