Lucene search

K

[email protected]NVD:CVE-2023-4255

HistoryDec 21, 2023 - 4:15 p.m.

CVE-2023-4255

2023-12-2116:15:10

CWE-787

[email protected]

web.nvd.nist.gov

1

w3m

out-of-bounds write

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.8%

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.

Affected configurations

NVD

Node

tatsw3mMatch0.5.3\+git20230121-1

OR

tatsw3mMatch0.5.3\+git20230121-2

OR

tatsw3mMatch0.5.3\+git20230129

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch8.0

OR

fedoraprojectfedoraMatch39

References

bugzilla.redhat.com/show_bug.cgi?id=2255207

github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3

github.com/tats/w3m/issues/268

github.com/tats/w3m/pull/273

lists.fedoraproject.org/archives/list/[email protected]/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/

lists.fedoraproject.org/archives/list/[email protected]/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/

lists.fedoraproject.org/archives/list/[email protected]/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.8%

Related for NVD:CVE-2023-4255

osv2 openvas6 ubuntu1 debiancve1 nessus5 ubuntucve1 prion1 cve1 cvelist1 mageia1 fedora3