Date: Tue, 22 Nov 2016 13:16:48 +0800 From: Kuang-che Wu <kcwu@...e.org> To: oss-security@...ts.openwall.com Subject: CVE request: w3m - multiple vulnerabilities Following are security flaws that I reported to debian's w3m. https://github.com/tats/w3m These issues are all fixed in 0.5.3-33 (v0.5.3+git20161120) released at Nov 20, 2016. Please assign CVEs if you think they are suitable for identifiers. Serious issues - https://github.com/tats/w3m/issues/29 global-buffer-overflow write Moderate issues (the crash point looks not-explitable but I am not sure whether the root cause of them could be reused as exploit gadget) - https://github.com/tats/w3m/issues/32 null deref - https://github.com/tats/w3m/issues/33 null deref - https://github.com/tats/w3m/issues/35 near-null deref - https://github.com/tats/w3m/issues/36 stack overflow - https://github.com/tats/w3m/issues/37 stack overflow - https://github.com/tats/w3m/issues/38 heap overflow read + deref - https://github.com/tats/w3m/issues/39 null deref - https://github.com/tats/w3m/issues/40 null deref - https://github.com/tats/w3m/issues/41 global-buffer-overflow read - https://github.com/tats/w3m/issues/42 null deref - https://github.com/tats/w3m/issues/43 global-buffer-overflow read Low severity - https://github.com/tats/w3m/issues/23 OOM All issues are found by afl-fuzz. Regards, kcwu Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ