Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-4255

created 4 months, 2 weeks ago

W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.

Affected products

w3m

Matching in nixpkgs

pkgs.w3m-nox

Text-mode web browser

nixos-unstable -
- nixpkgs-unstable 0.5.5

pkgs.w3m-full

Text-mode web browser

nixos-unstable -
- nixpkgs-unstable 0.5.5

pkgs.w3m-batch

Text-mode web browser

nixos-unstable -
- nixpkgs-unstable 0.5.5

pkgs.w3m-nographics

Text-mode web browser

nixos-unstable -
- nixpkgs-unstable 0.5.5

Package maintainers

@toastal toastal <toastal+nix@posteo.net>
@anthonyroussel Anthony Roussel <anthony@roussel.dev>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.w3m-nox

pkgs.w3m-full

pkgs.w3m-batch

pkgs.w3m-nographics

Package maintainers