CVE-2023-4255

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2255207	Issue Tracking Third Party Advisory
https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3	Patch
https://github.com/tats/w3m/issues/268	Exploit Issue Tracking Patch
https://github.com/tats/w3m/pull/273	Issue Tracking Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tats:w3m:0.5.3\+git20230121-1:::::::*
	cpe:2.3:a:tats:w3m:0.5.3\+git20230121-2:::::::*
	cpe:2.3:a:tats:w3m:0.5.3\+git20230129:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

History

No history.

Information

Published : 2023-12-21 16:15

Updated : 2024-03-27 03:15

NVD link : CVE-2023-4255

Mitre link : CVE-2023-4255

CVE.ORG link : CVE-2023-4255

JSON object : View

Products Affected

tats

w3m

fedoraproject

extra_packages_for_enterprise_linux
fedora

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-4255", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-12-21T16:15:10.017", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255207", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/tats/w3m/issues/268", "tags": ["Exploit", "Issue Tracking", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/tats/w3m/pull/273", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de escritura fuera de los l\u00edmites en el manejo de retroceso de la funci\u00f3n checkType() en etc.c dentro de la aplicaci\u00f3n W3M. Esta vulnerabilidad se activa al proporcionar un archivo HTML especialmente manipulado al binario w3m. La explotaci\u00f3n de este fallo podr\u00eda provocar fallos en la aplicaci\u00f3n, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio."}], "lastModified": "2024-03-27T03:15:10.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tats:w3m:0.5.3\\+git20230121-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A31CA22-C625-4E9C-9C57-CCDBC9E9B99A"}, {"criteria": "cpe:2.3:a:tats:w3m:0.5.3\\+git20230121-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E2BDFFC-F30D-47CE-B32E-E4C1713ACF1C"}, {"criteria": "cpe:2.3:a:tats:w3m:0.5.3\\+git20230129:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB9F94C4-C1FC-4CD9-B5B4-E745E4B3BCBC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}