VDB
CVE-2023-4255
CVE-2023-4255
PUBLISHED
Es besteht eine Schwachstelle in w3m. Dieser Fehler besteht in der Backspace-Behandlung der checkType()-Funktion in der Datei etc.c aufgrund eines Out-of-bounds-Schreibproblems. Durch die Bereitstellung einer speziell gestalteten HTML-Datei kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
EPSS 0.02% · 6.1th percentile
Risk Scores
EPSS Score
0.02%
6.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Dell PowerProtect Data Domain Management Center | |
| Dell | Dell PowerProtect Data Domain OS | |
| SUSE | SUSE Linux | |
| Dell | Dell PowerProtect Data Domain <7.10.1.40 | |
| Dell | Dell PowerProtect Data Domain | |
| Dell | Dell PowerProtect Data Domain <7.13.1.10 | |
| Ubuntu | Ubuntu Linux | |
| Dell | Dell PowerProtect Data Domain <8.1.0.0 | |
| Fedora | Fedora Linux | |
| Open Source | Open Source w3m | |
| Dell | Dell PowerProtect Data Domain <7.7.5.50 |
Exploit Intelligence
- https://github.com/tats/w3m/issues/268 (nist-nvd)
Timeline
- Jul 18, 2023 Fix PR Merged
- Dec 21, 2023 CVE Published
- Dec 22, 2023 EPSS Score
- Jan 20, 2024 EPSS Score
- Feb 18, 2024 EPSS Score
- Mar 18, 2024 EPSS Score
- Apr 16, 2024 EPSS Score
- May 15, 2024 EPSS Score
- Jun 13, 2024 EPSS Score
- Jul 12, 2024 EPSS Score
- Aug 9, 2024 EPSS Score
- Sep 7, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0004.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0004 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-4255 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-January/017586.html advisory
- https://github.com/advisories/GHSA-hx3r-ph4g-9px9 advisory
- https://github.com/tats/w3m/issues/268 advisory
- https://ubuntu.com/security/notices/USN-6580-1 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-3fc66f8bf3 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-aeb75f8b5b advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-bf31852fe0 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5253d48b14 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0398ebbbfa advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-38c2261ca0 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3377.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3377 advisory
- https://www.dell.com/support/kbdoc/de-de/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability advisory
- https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/ advisory