REDHAT-BUG-2255207
First published: Tue Dec 19 2023(Updated: )
w3m has an out-of-bounds write in function checkType() in etc.c. It allows a local attacker to cause Denial of Service or possibly have unspecified other impact via a crafted HTML file. NOTE: It was introduced in the fix of <a href="https://access.redhat.com/security/cve/CVE-2022-38223">CVE-2022-38223</a>. Affects: w3m 0.5.3+git20230129, 0.5.3+git20230121-1, 0.5.3+git20230121-2 Not Affected version: < 0.5.3+git20220429-1 <a href="https://github.com/tats/w3m/issues/268">https://github.com/tats/w3m/issues/268</a> <a href="https://github.com/tats/w3m/pull/273">https://github.com/tats/w3m/pull/273</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| w3m | >=0.5.3+git20230129>=0.5.3+git20230121-1>=0.5.3+git20230121-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2022-38223
- https://github.com/tats/w3m/issues/268
- https://github.com/tats/w3m/pull/273
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255209
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255208
- https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
- https://github.com/tats/w3m/issues/282
- https://github.com/tats/w3m/pull/285
- https://bugzilla.redhat.com/show_bug.cgi?id=2255207
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-4255
- agent/type
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/w3m
- canonical/w3m