Nixpkgs security tracker
Permalink
CVE-2023-4255
5.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
by @jopejoe1 Activity log
- Created suggestion
- @jopejoe1 dismissed
W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.
References
-
-
https://github.com/tats/w3m/issues/268 x_transferred
-
https://github.com/tats/w3m/pull/273 x_transferred
Affected products
w3m
Matching in nixpkgs
pkgs.w3m-nographics
Text-mode web browser
-
nixos-unstable -
- nixpkgs-unstable 0.5.5
Package maintainers
-
@toastal toastal <toastal+nix@posteo.net>
-
@anthonyroussel Anthony Roussel <anthony@roussel.dev>