CVE-2023-38253

Summary

CVE	CVE-2023-38253
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-07-14 18:15:00 UTC
Updated	2024-03-27 03:15:00 UTC
Description	An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Fedoraproject	Extra Packages For Enterprise Linux	8.0	All	All	All
Operating System	Fedoraproject	Fedora	38	All	All	All
Operating System	Redhat	Enterprise Linux	6.0	All	All	All
Application	Tats	W3m	0.5.3\+git20230121	All	All	All
Application	W3m Project	W3m	0.5.3\+git20230121	All	All	All

References

Reference	Source	Link	Tags
cve-details	MISC	access.redhat.com
lists.fedoraproject.org/archives/list/[email protected]/messag...		lists.fedoraproject.org
[BUG] Out-of-bound read in growbuf_to_Str , indep.c:441 · Issue #271 · tats/w3m · GitHub	MISC	github.com
lists.fedoraproject.org/archives/list/[email protected]/messag...		lists.fedoraproject.org
2222779 – (CVE-2023-38253) CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c	MISC	bugzilla.redhat.com
lists.fedoraproject.org/archives/list/[email protected]/messag...		lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

285394 Fedora Security Update for w3m (FEDORA-2024-38c2261ca0)
285395 Fedora Security Update for w3m (FEDORA-2024-3fc66f8bf3)
503275 Alpine Linux Security Update for w3m
506267 Alpine Linux Security Update for w3m
755263 SUSE Enterprise Linux Security Update for w3m (SUSE-SU-2023:4439-1)