CVE-2022-38223 — Out-of-bounds Write in Fedora

CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 65.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tats W3M Fedoraproject Fedora

Timeline

PublishedAug 15

Latest updateJan 10

Description

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debiantats/w3m< 0.5.3+git20210102-6+deb11u1+3

▶NVDtats/w3m0.5.3

Also affects: Fedora 36, 37

🔴Vulnerability Details

GHSA

GHSA-rf3p-g68h-h93f: There is an out-of-bounds write in checkType located in etc↗2022-08-16

▶

OSV

CVE-2022-38223: There is an out-of-bounds write in checkType located in etc↗2022-08-15

▶

CVEList

CVE-2022-38223: There is an out-of-bounds write in checkType located in etc↗2022-08-15

▶

📋Vendor Advisories

Ubuntu

w3m vulnerability↗2023-01-10

▶

Ubuntu

w3m vulnerability↗2023-01-09

▶

Red Hat

w3m: an out-of-bounds write in checkType located in etc.c in w3m↗2022-08-15

▶

Debian

CVE-2022-38223: w3m - There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It c...↗2022

▶