Vulnerabilities > CVE-2016-9434 - NULL Pointer Dereference vulnerability in Tats W3M

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tats

CWE-476

nessus

NVD

Published: 2016-12-12

Updated: 2023-12-29

Summary

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

Vulnerable Configurations

Part	Description	Count
Application	Tats Tats W3M 0.5.1 Tats W3M 0.5.1-1 Tats W3M 0.5.1-3 Tats W3M 0.5.1-4 Tats W3M 0.5.1-5 Tats W3M 0.5.1-5.1 Tats W3M 0.5.2 Tats W3M 0.5.2-1 Tats W3M 0.5.2-2 Tats W3M 0.5.2-2.1 Tats W3M 0.5.2-3 Tats W3M 0.5.2-4 Tats W3M 0.5.2-5 Tats W3M 0.5.2-6 Tats W3M 0.5.2-7 Tats W3M 0.5.2-8 Tats W3M 0.5.2-9 Tats W3M 0.5.2-10 Tats W3M 0.5.3 Tats W3M 0.5.3\+Git20160718 Tats W3M 0.5.3\+Git20230121 Tats W3M 0.5.3-1 Tats W3M 0.5.3-2 Tats W3M 0.5.3-3 Tats W3M 0.5.3-4 Tats W3M 0.5.3-5 Tats W3M 0.5.3-6 Tats W3M 0.5.3-7 Tats W3M 0.5.3-8 Tats W3M 0.5.3-9 Tats W3M 0.5.3-10 Tats W3M 0.5.3-11 Tats W3M 0.5.3-12 Tats W3M 0.5.3-13 Tats W3M 0.5.3-14 Tats W3M 0.5.3-15 Tats W3M 0.5.3-16 Tats W3M 0.5.3-17 Tats W3M 0.5.3-18 Tats W3M 0.5.3-19 Tats W3M 0.5.3-20 Tats W3M 0.5.3-21 Tats W3M 0.5.3-22 Tats W3M 0.5.3-23 Tats W3M 0.5.3-24 Tats W3M 0.5.3-25 Tats W3M 0.5.3-26 Tats W3M 0.5.3-27 Tats W3M 0.5.3-28 Tats W3M 0.5.3-29 Tats W3M 0.5.3-30	51

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3053-1.NASL
description	This update for w3m fixes the following issues : - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	95650
published	2016-12-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95650
title	SUSE SLED12 / SLES12 Security Update : w3m (SUSE-SU-2016:3053-1)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_EAFA3AEC211B4DD49B8AA664A3F0917A.NASL
description	Multiple remote code execution and denial of service conditions present.
last seen	2020-06-01
modified	2020-06-02
plugin id	96223
published	2017-01-03
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96223
title	FreeBSD : w3m -- multiple vulnerabilities (eafa3aec-211b-4dd4-9b8a-a664a3f0917a)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2017-783E8FA63E.NASL
description	Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633 ---- Update to latest upstream gitrev 20170102 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2017-03-22
plugin id	97866
published	2017-03-22
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97866
title	Fedora 24 : w3m (2017-783e8fa63e)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201701-08.NASL
description	The remote host is affected by the vulnerability described in GLSA-201701-08 (w3m: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in w3m. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition via a maliciously crafted HTML file. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	96239
published	2017-01-03
reporter	This script is Copyright (C) 2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96239
title	GLSA-201701-08 : w3m: Multiple vulnerabilities

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3214-1.NASL
description	A large number of security issues were discovered in the w3m browser. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	97522
published	2017-03-03
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97522
title	Ubuntu 12.04 LTS / 14.04 LTS : w3m vulnerabilities (USN-3214-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2017-2E6B693937.NASL
description	Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633 And new upstream 20170102 as well Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2017-03-14
plugin id	97700
published	2017-03-14
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97700
title	Fedora 25 : w3m (2017-2e6b693937)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-1457.NASL
description	This update for w3m fixes the following security issues (bsc#1011293) : - CVE-2016-9622: w3m: null deref (bsc#1012021) - CVE-2016-9623: w3m: null deref (bsc#1012022) - CVE-2016-9624: w3m: near-null deref (bsc#1012023) - CVE-2016-9625: w3m: stack overflow (bsc#1012024) - CVE-2016-9626: w3m: stack overflow (bsc#1012025) - CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) - CVE-2016-9628: w3m: null deref (bsc#1012027) - CVE-2016-9629: w3m: null deref (bsc#1012028) - CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) - CVE-2016-9631: w3m: null deref (bsc#1012030) - CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) - CVE-2016-9633: w3m: OOM (bsc#1012032) - CVE-2016-9434: w3m: null deref (bsc#1011283) - CVE-2016-9435: w3m: use uninit value (bsc#1011284) - CVE-2016-9436: w3m: use uninit value (bsc#1011285) - CVE-2016-9437: w3m: write to rodata (bsc#1011286) - CVE-2016-9438: w3m: null deref (bsc#1011287) - CVE-2016-9439: w3m: stack overflow (bsc#1011288) - CVE-2016-9440: w3m: near-null deref (bsc#1011289) - CVE-2016-9441: w3m: near-null deref (bsc#1011290) - CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) - CVE-2016-9443: w3m: null deref (bsc#1011292) This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-05
modified	2016-12-14
plugin id	95792
published	2016-12-14
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/95792
title	openSUSE Security Update : w3m (openSUSE-2016-1457)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3046-1.NASL
description	This update for w3m fixes the following issues : - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	95625
published	2016-12-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95625
title	SUSE SLES11 Security Update : w3m (SUSE-SU-2016:3046-1)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References