VDB
CVE-2006-6772
CVE-2006-6772
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
EPSS 13.76% · 94.4th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
13.76%
94.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| w3m | w3m | 0.5.1 |
Timeline
- Dec 27, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 31, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 23, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log url
- FEDORA-2007-077 vendor-advisory
- 20061225 w3m format string bug mailing-list
- ADV-2006-5164 vdb
- OpenPKG-SA-2006.44 vendor-advisory
- http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250 url
- w3m-certificate-format-string(31114) vdb
- 23717 third-party-advisory
- GLSA-200701-06 vendor-advisory
- 23492 third-party-advisory
- 23792 third-party-advisory
- http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79 url
- 1017440 vdb
- w3m-inputanswer-format-string(34821) vdb
- http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439 url
- SUSE-SA:2007:005 vendor-advisory
- 21735 vdb
- 24332 vdb
- USN-399-1 vendor-advisory
- 23773 third-party-advisory
…and 4 more