CVE-2010-2074 — Improper Input Validation in W3M

CWE-20 — Improper Input Validation10 documents9 sources

Severity

6.8MEDIUMNVD

CNA5.9OSV5.9

EPSS

1.8%

top 17.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tats W3M W3M

Timeline

PublishedJun 16

Latest updateMay 17

Description

istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debiantats/w3m< 0.5.2-5+3

▶NVDw3m/w3m0.5.2

🔴Vulnerability Details

GHSA

GHSA-xwjm-4v2q-p47f: istream↗2022-05-17

▶

CVEList

CVE-2010-2074: istream↗2010-06-16

▶

OSV

CVE-2010-2074: istream↗2010-06-16

▶

💥Exploits & PoCs

Exploit-DB

BolinTech DreamFTP Server 1.02 - Format String (Metasploit)↗2010-06-22

▶

📋Vendor Advisories

Ubuntu

w3m vulnerability↗2010-08-09

▶

Red Hat

w3m: doesn't handle NULL in Common Name properly↗2010-06-14

▶

Debian

CVE-2010-2074: w3m - istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is en...↗2010

▶

💬Community

Bugzilla

CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly↗2010-06-16

▶

Bugzilla

CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly [fedora-all]↗2010-06-16

▶