CVE-2022-38223

CVE-2022-38223

Name

CVE-2022-38223

Description

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/tats/w3m/issues/242
MLIST	https://lists.debian.org/debian-lts-announce/2023/08/msg00030.html
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRRZMTLG3YT6U3PSGJOAMLDNLRF2EUOP/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/

Type

URI

MISC

https://github.com/tats/w3m/issues/242

MLIST

https://lists.debian.org/debian-lts-announce/2023/08/msg00030.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRRZMTLG3YT6U3PSGJOAMLDNLRF2EUOP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:w3m_project:w3m:0.5.3:::::::*`	w3m	== None	== 0.5.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:w3m_project:w3m:0.5.3:*:*:*:*:*:*:*

w3m

== None

== 0.5.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
w3m	edge-main	0.5.3_git20241203-r0	None	fixed
w3m	edge-main	0.5.3.20230121-r0	None	fixed
w3m	edge-community	0.5.3.20230121-r0	ScrumpyJack <scrumpyjack@st.ilet.to>	fixed
w3m	3.22-community	0.5.3_git20241203-r0	None	fixed
w3m	3.21-community	0.5.3.20230121-r0	None	fixed
w3m	3.20-community	0.5.3.20230121-r0	None	fixed
w3m	3.19-community	0.5.3.20230121-r0	None	fixed
w3m	3.18-community	0.5.3.20230121-r0	ScrumpyJack <scrumpyjack@st.ilet.to>	fixed
w3m	3.17-community	0.5.3.20220429-r3	ScrumpyJack <scrumpyjack@st.ilet.to>	fixed

Source package

Branch

Version

Maintainer

Status

w3m

edge-main

0.5.3_git20241203-r0

None

fixed

w3m

edge-main