Vulnerability Details CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.5%
CVSS Severity
CVSS v3 Score 4.7
References
- https://access.redhat.com/security/cve/CVE-2023-38252
- https://bugzilla.redhat.com/show_bug.cgi?id=2222775
- https://github.com/tats/w3m/issues/270
- https://access.redhat.com/security/cve/CVE-2023-38252
- https://bugzilla.redhat.com/show_bug.cgi?id=2222775
- https://github.com/tats/w3m/issues/270
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/
Products affected by CVE-2023-38252
-
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0
-
cpe:2.3:a:tats:w3m:0.5.3+git20230121
-
cpe:2.3:o:fedoraproject:fedora:38
-
cpe:2.3:o:redhat:enterprise_linux:6.0