CVE-2022-38223

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

Published: Aug 15, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-38223
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	36	36.x
fedoraproject / fedora	37	37.x
tats / w3m	0.5.3	0.5.3.x

https://github.com/tats/w3m/issues/242
https://lists.debian.org/debian-lts-announce/2023/08/msg00030.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/NRRZMTLG3YT6U3PSGJOAMLDNLRF2EUOP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRRZMTLG3YT6U3PSGJOAMLDNLRF2EUOP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/

Vulnerability Database

289,697

CVE-2022-38223