CVE-2023-4255

2023-12-2116:15:10

CWE-787

redhat

web.nvd.nist.gov

cve-2023-4255

out-of-bounds write

backspace handling

checktype() function

denial of service

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.

Affected configurations

Nvd

Node

tatsw3mMatch0.5.3\+git20230121-1

tatsw3mMatch0.5.3\+git20230121-2

tatsw3mMatch0.5.3\+git20230129

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch8.0

fedoraprojectfedoraMatch39

VendorProductVersionCPE
tatsw3m0.5.3+git20230121-1cpe:2.3:a:tats:w3m:0.5.3\+git20230121-1:*:*:*:*:*:*:*
tatsw3m0.5.3+git20230121-2cpe:2.3:a:tats:w3m:0.5.3\+git20230121-2:*:*:*:*:*:*:*
tatsw3m0.5.3+git20230129cpe:2.3:a:tats:w3m:0.5.3\+git20230129:*:*:*:*:*:*:*
fedoraprojectextra_packages_for_enterprise_linux8.0cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
fedoraprojectfedora39cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tats	w3m	0.5.3+git20230121-1	cpe:2.3:a:tats:w3m:0.5.3\+git20230121-1:::::::*
tats	w3m	0.5.3+git20230121-2	cpe:2.3:a:tats:w3m:0.5.3\+git20230121-2:::::::*
tats	w3m	0.5.3+git20230129	cpe:2.3:a:tats:w3m:0.5.3\+git20230129:::::::*
fedoraproject	extra_packages_for_enterprise_linux	8.0	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
fedoraproject	fedora	39	cpe:2.3:o:fedoraproject:fedora:39:::::::*

CNA Affected

[
  {
    "product": "w3m",
    "vendor": "n/a",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "w3m",
    "defaultStatus": "affected"
  },
  {
    "product": "Extra Packages for Enterprise Linux",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "w3m",
    "defaultStatus": "affected"
  }
]