Untriaged
CVE-2023-38253
4.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Out of bounds read in growbuf_to_str() at w3m/indep.c
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
References
- RHBZ#2222779 issue-tracking x_refsource_REDHAT
- https://github.com/tats/w3m/issues/271
- https://access.redhat.com/security/cve/CVE-2023-38253 x_refsource_REDHAT vdb-entry
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
Affected products
w3m
Matching in nixpkgs
pkgs.w3m-nographics
Text-mode web browser
- nixos-unstable -
- nixpkgs-unstable 0.5.5
Package maintainers
- @toastal toastal <toastal+nix@posteo.net>
- @anthonyroussel Anthony Roussel <anthony@roussel.dev>