Bug 1077559 - (CVE-2018-6196) VUL-1: CVE-2018-6196: w3m: an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value allows for DoS
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/198949/
maint:released:sle10-sp3:63954 CVSSv2...
Reported: 2018-01-25 09:11 UTC by Karol Babioch
Modified: 2020-07-10 15:01 UTC (History)
Found By: Security Response Team

Attachments
reproducer (39 bytes, text/plain)
2018-01-25 09:11 UTC, Karol Babioch

Description Karol Babioch 2018-01-25 09:11:30 UTC
Created attachment 757581
reproducer

CVE-2018-6196

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0
because the feed_table_block_tag function in table.c does not prevent a negative
indent value.

Reproducer:
kbabioch@aquarius:~> w3m -T text/html -dump CVE-2018-6196
Speicherzugriffsfehler (Speicherabzug geschrieben)

Tested on Leap (codestream from SUSE:SLE-12:Update), same version in SUSE:SLE-10-SP3:Update and SUSE:SLE-11-SP1:Update.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6196
https://github.com/tats/w3m/issues/88
https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92
Comment 8 Swamp Workflow Management 2018-01-26 11:52:01 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-02-09.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63953
Comment 9 Thomas Blume 2018-03-14 14:51:44 UTC
(In reply to Swamp Workflow Management from comment #8)
> An update workflow for this issue was started.
> This issue was rated as moderate.
> Please submit fixed packages until 2018-02-09.
> When done, reassign the bug to security-team@suse.de.
> https://swamp.suse.de/webswamp/wf/63953

An update to factory has been submitted and accepted:

https://build.opensuse.org/request/show/569801

Reassigning to security-team to wrap this up.
Comment 10 Swamp Workflow Management 2019-03-27 14:28:35 UTC
SUSE-SU-2019:0776-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1077559,1077568,1077572
CVE References: CVE-2018-6196,CVE-2018-6197,CVE-2018-6198
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    w3m-0.5.3.git20161120-161.3.4
SUSE Linux Enterprise Server 12-SP3 (src):    w3m-0.5.3.git20161120-161.3.4
SUSE Linux Enterprise Desktop 12-SP4 (src):    w3m-0.5.3.git20161120-161.3.4
SUSE Linux Enterprise Desktop 12-SP3 (src):    w3m-0.5.3.git20161120-161.3.4

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2019-04-04 22:14:20 UTC
openSUSE-SU-2019:1142-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1077559,1077568,1077572
CVE References: CVE-2018-6196,CVE-2018-6197,CVE-2018-6198
Sources used:
openSUSE Leap 42.3 (src):    w3m-0.5.3.git20161120-164.3.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2020-06-03 10:16:41 UTC
SUSE-SU-2020:14382-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1077559,1077568,1077572
CVE References: CVE-2018-6196,CVE-2018-6197,CVE-2018-6198
Sources used:
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    w3m-0.5.3.git20161120-5.3.37

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Alexandros Toptsoglou 2020-07-10 15:01:29 UTC
Done