OSV-2026-532

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tmux/OSV-2026-532.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-532
Published
2026-04-05T00:06:36.291055Z
Modified
2026-04-05T00:06:36.291504Z
Summary
Heap-buffer-overflow in regsub
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=499446092

Crash type: Heap-buffer-overflow READ 1
Crash state:
regsub
format_replace
format_expand1
References

Affected packages

OSS-Fuzz / tmux

Package

Name
tmux
Purl
pkg:generic/tmux

Affected ranges

Type
GIT
Repo
https://github.com/tmux/tmux.git
Events
Introduced
7620c03b7278ed631efa98455c5e116538c23ed7
Fixed
3badbc50e0d1c45ebfca2d2d1fad059a055584a5
Fixed
42dafcc62a9361eeaff286172f0e35d4ece12b5a

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

fixed_range 
"66c324d7ef714e0658ae8525b3f8e4419f211fbe:42dafcc62a9361eeaff286172f0e35d4ece12b5a"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tmux/OSV-2026-532.yaml"
introduced_range 
"6324dae114a1f8c9e1454914a70cba0ded7f5b34:a30fc69f868fa0adf85b0957fe3f67357fe73d73"