Vulnerability CVE-2018-6197: Information

Description

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-6197
Published: Jan. 25, 2018
Modified: Dec. 29, 2023
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
w3msisyphus0.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed
w3mp100.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed
w3mp90.5.3-alt3.git202005020.5.3-alt3.git20200502ALT-PU-2020-3099-2260134Fixed
w3mc10f10.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed
w3mp110.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/tats/w3m/issues/89
  • Exploit
  • Patch
  • Third Party Advisory
https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
  • Patch
  • Third Party Advisory
102846
  • Third Party Advisory
  • VDB Entry
USN-3555-2
  • Third Party Advisory
USN-3555-1
  • Third Party Advisory
openSUSE-SU-2019:1142
    [debian-lts-announce] 20200430 [SECURITY] [DLA 2195-1] w3m security update

        1. Configuration 1

          cpe:2.3:a:tats:w3m:*:*:*:*:*:*:*:*
          End including
          0.5.3

          Configuration 2

          cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top