CVE-2023-4255
- Source
- https://cve.org/CVERecord?id=CVE-2023-4255
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4255.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-4255
- Downstream
- Related
- Published
- 2023-12-21T16:15:10.017Z
- Modified
- 2026-02-01T11:27:14.911659Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/
- https://bugzilla.redhat.com/show_bug.cgi?id=2255207
- https://bugzilla.redhat.com/show_bug.cgi?id=2255207
- https://github.com/tats/w3m/issues/268
- https://github.com/tats/w3m/pull/273
- https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
- https://github.com/tats/w3m/issues/268
- https://github.com/tats/w3m/pull/273
- https://github.com/tats/w3m/issues/268
Affected packages
Git / github.com/tats/w3m
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tats/w3m
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
inu-0-2-2-base
release-0-2-1-inu-1-5
release-0-2-2
release-0-2-3
release-0-2-3-1
release-0-2-3-2
release-0-2-4
release-0-2-5
release-0-3
release-0-3-1
release-0-3-2
release-0-3-2-rc1
release-0-3-2-rc2
release-0-3-2-rc3
release-0-3-2-rc4
release-0-4
release-0-4-1
release-0-4-2
release-0-4-rc1
release-0-4-rc2
release-0-4-rc3
release-0-5
release-0-5-1
release-0-5-2
release-0-5-3
upstream/0.*
upstream/0.1.10+0.1.11pre+kokb23
upstream/0.3
upstream/0.5.1
upstream/0.5.2
upstream/0.5.3
v0.*
v0.5.3+debian-19
v0.5.3+git20150203
v0.5.3+git20150509
v0.5.3+git20150623
v0.5.3+git20150720
v0.5.3+git20150811
v0.5.3+git20151010
v0.5.3+git20151119
v0.5.3+git20160228
v0.5.3+git20160511
v0.5.3+git20160718
v0.5.3+git20161009
v0.5.3+git20161031
v0.5.3+git20161120
v0.5.3+git20170102
v0.5.3+git20180125
v0.5.3+git20190105
v0.5.3+git20200502
v0.5.3+git20210102
v0.5.3+git20220429
v0.5.3+git20230121
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4255.json"
vanir_signatures
[
{
"digest": {
"length": 5123.0,
"function_hash": "295724129922167229010520669919116639190"
},
"source": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3",
"target": {
"function": "checkType",
"file": "etc.c"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2023-4255-6dcfb28a"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"26460203148569538143327425248504244236",
"57830455825382049290991589887607861603",
"310247818144009291104860925577274623094",
"13455033645732134721802913651060951318",
"26460203148569538143327425248504244236",
"290663834867585646756821739283586001902",
"126908091885490007136439083806724560939",
"288785725841290717425727131037118380981"
]
},
"source": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3",
"target": {
"file": "etc.c"
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2023-4255-dab19ff2"
}
]