CVE-2006-6772 — Use of Externally-Controlled Format String in W3M

CWE-134 — Use of Externally-Controlled Format String7 documents7 sources

Severity

9.3CRITICALNVD

EPSS

13.8%

top 5.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tats W3M W3M

Timeline

PublishedDec 27

Latest updateMay 1

Description

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶Debiantats/w3m< 0.5.1-5.1+3

▶NVDw3m/w3m0.5.1

🔴Vulnerability Details

GHSA

GHSA-x9rf-x2gc-ppgw: Format string vulnerability in the inputAnswer function in file↗2022-05-01

▶

OSV

CVE-2006-6772: Format string vulnerability in the inputAnswer function in file↗2006-12-27

▶

CVEList

CVE-2006-6772: Format string vulnerability in the inputAnswer function in file↗2006-12-27

▶

📋Vendor Advisories

Red Hat

CVE-2006-6772 w3m is vulnerable to format string attack via CN field of SSL/TLS certificate when infoked with -dump/-backend↗2006-12-25

▶

Debian

CVE-2006-6772: w3m - Format string vulnerability in the inputAnswer function in file.c in w3m before ...↗2006

▶

💬Community

Bugzilla

CVE-2006-6772 w3m is vulnerable to format string attack via CN field of SSL/TLS certificate when infoked with -dump/-backend↗2007-01-04

▶