CVE-2023-38252

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/security/cve/CVE-2023-38252 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2222775 Issue Tracking Third Party Advisory
https://github.com/tats/w3m/issues/270 Exploit Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/
https://access.redhat.com/security/cve/CVE-2023-38252 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2222775 Issue Tracking Third Party Advisory
https://github.com/tats/w3m/issues/270 Exploit Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/
Configurations

Configuration 1 (hide)

cpe:2.3:a:tats:w3m:0.5.3\+git20230121:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
History

21 Nov 2024, 08:13

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.5 		v2 : unknown
v3 : 4.7
References () https://access.redhat.com/security/cve/CVE-2023-38252 - Third Party Advisory () https://access.redhat.com/security/cve/CVE-2023-38252 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2222775 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2222775 - Issue Tracking, Third Party Advisory
References () https://github.com/tats/w3m/issues/270 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/tats/w3m/issues/270 - Exploit, Issue Tracking, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/ -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/ -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/ -

27 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/ -

23 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/ -

29 Dec 2023, 18:38

Type Values Removed Values Added
CPE cpe:2.3:a:w3m_project:w3m:0.5.3\+git20230121:*:*:*:*:*:*:* cpe:2.3:a:tats:w3m:0.5.3\+git20230121:*:*:*:*:*:*:*

26 Jul 2023, 17:10

Type Values Removed Values Added
CPE cpe:2.3:a:w3m_project:w3m:0.5.3\+git20230121:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
References (MISC) https://github.com/tats/w3m/issues/270 - (MISC) https://github.com/tats/w3m/issues/270 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-38252 - (MISC) https://access.redhat.com/security/cve/CVE-2023-38252 - Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222775 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222775 - Issue Tracking, Third Party Advisory
CWE CWE-125

14 Jul 2023, 19:46

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-14 18:15

Updated : 2024-11-21 08:13

NVD link : CVE-2023-38252

Mitre link : CVE-2023-38252

CVE.ORG link : CVE-2023-38252

JSON object : View

Products Affected

tats

  • w3m

fedoraproject

  • fedora
  • extra_packages_for_enterprise_linux

redhat

  • enterprise_linux
CWE
CWE-125

Out-of-bounds Read