CVE-2023-4255

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 21, 2023

Updated: Mar 27, 2024

CWE ID 787

Summary

CVE-2023-4255 is a newly discovered vulnerability in the W3M application's etc.c file. The issue lies in the checkType() function's backspace handling, which can be exploited by supplying a maliciously crafted HTML file to the w3m binary. This out-of-bounds write vulnerability can cause the application to crash, resulting in a denial of service condition. Successful exploitation may not lead to code execution but can significantly impact system availability. Users are advised to update their W3M software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fedora Operating System

Affected Vendors

Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRM37S
https://www.cve.org/CVERecord?id=CVE-2023-4255
https://nvd.nist.gov/vuln/detail/CVE-2023-4255

Back to Vulnerability Database