Date: Tue, 22 Nov 2016 13:16:48 +0800
From: Kuang-che Wu <kcwu@...e.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: w3m - multiple vulnerabilities

The following are security flaws that I reported to Debian's w3m.
https://github.com/tats/w3m

These issues are all fixed in 0.5.3-33 (v0.5.3+git20161120), released
on Nov 20, 2016.

Please assign CVEs if you think they are suitable for identifiers.

Serious issues
- https://github.com/tats/w3m/issues/29 global-buffer-overflow write

Moderate issues
(the crash point looks not exploitable, but I am not sure whether the root cause
 of them could be reused as an exploit gadget)
- https://github.com/tats/w3m/issues/32 null deref
- https://github.com/tats/w3m/issues/33 null deref
- https://github.com/tats/w3m/issues/35 near-null deref
- https://github.com/tats/w3m/issues/36 stack overflow
- https://github.com/tats/w3m/issues/37 stack overflow
- https://github.com/tats/w3m/issues/38 heap overflow read + deref
- https://github.com/tats/w3m/issues/39 null deref
- https://github.com/tats/w3m/issues/40 null deref
- https://github.com/tats/w3m/issues/41 global-buffer-overflow read
- https://github.com/tats/w3m/issues/42 null deref
- https://github.com/tats/w3m/issues/43 global-buffer-overflow read

Low severity
- https://github.com/tats/w3m/issues/23 OOM

All issues were found by afl-fuzz.

Regards,
kcwu
