CVE-2023-4255
MEDIUM
5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
AI Translation Available
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0002
Percentile
0,0th
Updated
EPSS Score Trend (Last 90 Days)
787
Out-of-bounds Write
DraftCommon Consequences
Security Scopes Affected:
Integrity
Availability
Other
Potential Impacts:
Modify Memory
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Unexpected State
Applicable Platforms
Languages:
Assembly, C, C++, Memory-Unsafe
Technologies:
ICS/OT
Application
W3M by Tats
CPE Identifier
View Detailed Analysis
cpe:2.3:a:tats:w3m:0.5.3\+git20230121-1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
W3M by Tats
CPE Identifier
View Detailed Analysis
cpe:2.3:a:tats:w3m:0.5.3\+git20230121-2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Fedora by Fedoraproject
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Extra Packages For Enterprise Linux by Fedoraproject
CPE Identifier
View Detailed Analysis
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
W3M by Tats
CPE Identifier
View Detailed Analysis
cpe:2.3:a:tats:w3m:0.5.3\+git20230129:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://bugzilla.redhat.com/show_bug.cgi?id=2255207
https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
https://github.com/tats/w3m/issues/268
https://github.com/tats/w3m/pull/273
https://lists.fedoraproject.org/archives/list/[email protected]…
https://lists.fedoraproject.org/archives/list/[email protected]…
https://lists.fedoraproject.org/archives/list/[email protected]…
https://bugzilla.redhat.com/show_bug.cgi?id=2255207
https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
https://github.com/tats/w3m/issues/268
https://github.com/tats/w3m/pull/273
https://lists.fedoraproject.org/archives/list/[email protected]…
https://lists.fedoraproject.org/archives/list/[email protected]…
https://lists.fedoraproject.org/archives/list/[email protected]…