[Debian] CVE: CVE-2022-38223: w3m: an attacker to cause Denial of Service

Bug #2021476 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: hqbai

Bug Description

CVE-2022-38223: https://nvd.nist.gov/vuln/detail/CVE-2022-38223

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

Base Score: High

References:

https://security-tracker.debian.org/tracker/CVE-2022-38223

['w3m_0.5.3+git20210102-6_amd64.deb===>w3m_0.5.3+git20210102-6+deb11u1_amd64.deb']

hqbai (hbai)
Changed in starlingx:
assignee: nobody → hqbai (hbai)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/886234

Changed in starlingx:
status: Triaged → In Progress
Yue Tao (wrytao)
description: updated
Ghada Khalil (gkhalil) wrote :

The above review was merged on June 24, so marking as Fix Released.

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
