9.3

CVE-2006-6772

EPSS 13.76%
Veröffentlicht 27.12.2006 23:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 25

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

W3m ≫ W3m Version0.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.76%	0.94

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://fedoranews.org/cms/node/2415

http://fedoranews.org/cms/node/2416

http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html

http://secunia.com/advisories/23492

Vendor Advisory

http://secunia.com/advisories/23588

Vendor Advisory

http://secunia.com/advisories/23717

Vendor Advisory

http://secunia.com/advisories/23773

Vendor Advisory

http://secunia.com/advisories/23792

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200701-06.xml

http://securitytracker.com/id?1017440

http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439

http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79

http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250

http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log

http://www.novell.com/linux/security/advisories/2007_05_w3m.html

http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html

http://www.securityfocus.com/bid/21735

http://www.securityfocus.com/bid/24332

http://www.ubuntu.com/usn/usn-399-1

http://www.vupen.com/english/advisories/2006/5164

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/31114

https://exchange.xforce.ibmcloud.com/vulnerabilities/34821

https://nvd.nist.gov/vuln/detail/CVE-2006-6772

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6772

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6772

EUVD