CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
5.1%
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m
directory is unwritable, which allows a local attacker to craft a symlink
attack to overwrite arbitrary files.
bugs.debian.org/888097
github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
launchpad.net/bugs/cve/CVE-2018-6198
nvd.nist.gov/vuln/detail/CVE-2018-6198
salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
security-tracker.debian.org/tracker/CVE-2018-6198
ubuntu.com/security/notices/USN-3555-1
ubuntu.com/security/notices/USN-3555-2
www.cve.org/CVERecord?id=CVE-2018-6198
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
5.1%