Bug 1213324 (CVE-2023-38252)

Summary: VUL-0: CVE-2023-38252: w3m: out-of-bounds read in Strnew_size() at w3m/Str.c
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Thomas Blume <thomas.blume>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: abergmann, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/372426/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2023-07-14 09:47:41 UTC 
CVE-2023-38252

w3m 0.5.3+git20230129 has an out-of-bounds write in function Strnew_size in
Str.c. This allows attackers to cause a denial of service via a crafted
HTML file.

Upstream issue:

https://github.com/tats/w3m/issues/270

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38252
https://bugzilla.redhat.com/show_bug.cgi?id=2222775
Comment 1 Alexander Bergmann 2023-07-14 09:48:21 UTC 
Affected version :

    0.5.3+git20230129
    0.5.3+git20230121-1
    0.5.3+git20230121-2

Only affecting:

openSUSE:Factory w3m-v0.5.3+git20230121
Comment 2 Thomas Blume 2023-07-14 13:26:51 UTC 
awaiting upstream patch
Comment 3 Thomas Blume 2023-10-11 15:49:42 UTC 
Patch was submitted via:

https://build.opensuse.org/request/show/1100670

closing
Comment 5 Maintenance Automation 2023-11-14 16:30:02 UTC 
SUSE-SU-2023:4439-1: An update that solves two vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1213323, 1213324
CVE References: CVE-2023-38252, CVE-2023-38253
Sources used:
openSUSE Leap 15.5 (src): w3m-0.5.3+git20230121-150000.3.6.1
Basesystem Module 15-SP4 (src): w3m-0.5.3+git20230121-150000.3.6.1
Basesystem Module 15-SP5 (src): w3m-0.5.3+git20230121-150000.3.6.1
openSUSE Leap 15.4 (src): w3m-0.5.3+git20230121-150000.3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.