7.5

CVE-2018-6197

Exploit
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TatsW3m Version <= 0.5.3
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.39% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html
https://lists.debian.org/debian-lts-announce/2020/04/msg00025.html
https://usn.ubuntu.com/3555-1/
Third Party Advisory
https://usn.ubuntu.com/3555-2/
Third Party Advisory
http://www.securityfocus.com/bid/102846
Third Party Advisory
VDB Entry
https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
Patch
Third Party Advisory
https://github.com/tats/w3m/issues/89
Patch
Third Party Advisory
Exploit