Activity log for bug #2021476

| Date | Who | What changed | Old value | New value | Message |
|---|---|---|---|---|---|
| 2023-05-29 08:56:59 | Yue Tao | bug | | | added bug |
| 2023-05-29 08:57:07 | Yue Tao | cve linked | | 2022-38223 | |
| 2023-06-13 02:27:48 | hqbai | starlingx: assignee | | hqbai (hbai) | |
| 2023-06-16 01:55:51 | OpenStack Infra | starlingx: status | Triaged | In Progress | |
| 2023-06-28 00:34:20 | Yue Tao | description | CVE-2022-38223: https://nvd.nist.gov/vuln/detail/CVE-2022-38223 There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. Base Score: High References: https://security-tracker.debian.org/tracker/CVE-2022-38223 ['avahi-daemon_0.8-5_amd64.deb===>avahi-daemon_0.8-5+deb11u2_amd64.deb', 'libavahi-client3_0.8-5_amd64.deb===>libavahi-client3_0.8-5+deb11u2_amd64.deb', 'libavahi-common3_0.8-5_amd64.deb===>libavahi-common3_0.8-5+deb11u2_amd64.deb', 'libavahi-common-data_0.8-5_amd64.deb===>libavahi-common-data_0.8-5+deb11u2_amd64.deb', 'libavahi-core7_0.8-5_amd64.deb===>libavahi-core7_0.8-5+deb11u2_amd64.deb', 'libavahi-glib1_0.8-5_amd64.deb===>libavahi-glib1_0.8-5+deb11u2_amd64.deb'] | CVE-2022-38223: https://nvd.nist.gov/vuln/detail/CVE-2022-38223 There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. Base Score: High References: https://security-tracker.debian.org/tracker/CVE-2022-38223 ['w3m_0.5.3+git20210102-6_amd64.deb===>w3m_0.5.3+git20210102-6+deb11u1_amd64.deb'] | |
| 2023-08-21 13:39:41 | Ghada Khalil | starlingx: status | In Progress | Fix Released | |