CVE-2018-6196 — Infinite Loop in W3M

CWE-835 — Infinite Loop12 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tats W3M Canonical Ubuntu Linux

Timeline

PublishedJan 25

Latest updateMay 13

Description

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debiantats/w3m< 0.5.3-36+3

▶Ubuntutats/w3m< 0.5.3-15ubuntu0.2+1

▶NVDtats/w3m0.5.3

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 17.10

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-rhw8-jfw3-7w97: w3m through 0↗2022-05-13

▶

OSV

w3m vulnerabilities↗2018-02-01

▶

CVEList

CVE-2018-6196: w3m through 0↗2018-01-25

▶

OSV

CVE-2018-6196: w3m through 0↗2018-01-25

▶

📋Vendor Advisories

Ubuntu

w3m vulnerabilities↗2018-02-01

▶

Ubuntu

w3m vulnerabilities↗2018-02-01

▶

Red Hat

w3m: Infinite recursion in HTMLlineproc0↗2018-01-23

▶

Debian

CVE-2018-6196: w3m - w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 becaus...↗2018

▶

💬Community

Bugzilla

CVE-2018-6196 w3m: Infinite recursion in HTMLlineproc0 [epel-7]↗2018-01-26

▶

Bugzilla

CVE-2018-6196 w3m: Infinite recursion in HTMLlineproc0 [fedora-all]↗2018-01-26

▶

Bugzilla

CVE-2018-6196 w3m: Infinite recursion in HTMLlineproc0↗2018-01-26

▶