CVE-2023-4255

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2255207	Issue Tracking Third Party Advisory
https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3	Patch
https://github.com/tats/w3m/issues/268	Exploit Issue Tracking Patch
https://github.com/tats/w3m/pull/273	Issue Tracking Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/
https://bugzilla.redhat.com/show_bug.cgi?id=2255207	Issue Tracking Third Party Advisory
https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3	Patch
https://github.com/tats/w3m/issues/268	Exploit Issue Tracking Patch
https://github.com/tats/w3m/pull/273	Issue Tracking Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tats:w3m:0.5.3\+git20230121-1:::::::*
	cpe:2.3:a:tats:w3m:0.5.3\+git20230121-2:::::::*
	cpe:2.3:a:tats:w3m:0.5.3\+git20230129:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

History

21 Nov 2024, 08:34

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2255207 - Issue Tracking, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2255207 - Issue Tracking, Third Party Advisory
References	~~() https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3 - Patch~~	() https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3 - Patch
References	~~() https://github.com/tats/w3m/issues/268 - Exploit, Issue Tracking, Patch~~	() https://github.com/tats/w3m/issues/268 - Exploit, Issue Tracking, Patch
References	~~() https://github.com/tats/w3m/pull/273 - Issue Tracking, Patch~~	() https://github.com/tats/w3m/pull/273 - Issue Tracking, Patch
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/ -

27 Mar 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/ -

23 Mar 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/ -

03 Jan 2024, 02:30

Type	Values Removed	Values Added
CWE		CWE-787
First Time		Fedoraproject extra Packages For Enterprise Linux Tats Fedoraproject Fedoraproject fedora Tats w3m
CPE		cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:a:tats:w3m:0.5.3\+git20230129:::::::* cpe:2.3:a:tats:w3m:0.5.3\+git20230121-2:::::::* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::* cpe:2.3:a:tats:w3m:0.5.3\+git20230121-1:::::::*
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2255207 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2255207 - Issue Tracking, Third Party Advisory
References	~~() https://github.com/tats/w3m/pull/273 -~~	() https://github.com/tats/w3m/pull/273 - Issue Tracking, Patch
References	~~() https://github.com/tats/w3m/issues/268 -~~	() https://github.com/tats/w3m/issues/268 - Exploit, Issue Tracking, Patch
References	~~() https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3 -~~	() https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

21 Dec 2023, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-21 16:15

Updated : 2024-11-21 08:34

NVD link : CVE-2023-4255

Mitre link : CVE-2023-4255

CVE.ORG link : CVE-2023-4255

JSON object : View

Products Affected

fedoraproject

extra_packages_for_enterprise_linux
fedora

tats

CWE

CWE-787

Out-of-bounds Write

5.5 /10