CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score: 7.5 High (Confidence: Low)
EPSS: 0.127 Low (Percentile: 95.5%)

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
fedoranews.org/cms/node/2415
fedoranews.org/cms/node/2416
lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html
secunia.com/advisories/23492
secunia.com/advisories/23588
secunia.com/advisories/23717
secunia.com/advisories/23773
secunia.com/advisories/23792
security.gentoo.org/glsa/glsa-200701-06.xml
securitytracker.com/id?1017440
sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439
w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79
w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250
w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log
www.novell.com/linux/security/advisories/2007_05_w3m.html
www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html
www.securityfocus.com/bid/21735
www.securityfocus.com/bid/24332
www.ubuntu.com/usn/usn-399-1
www.vupen.com/english/advisories/2006/5164
exchange.xforce.ibmcloud.com/vulnerabilities/31114
exchange.xforce.ibmcloud.com/vulnerabilities/34821