Vulnerabilities > CVE-2016-9440 - NULL Pointer Dereference vulnerability in Tats W3M

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
tats
CWE-476
nessus

Summary

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3053-1.NASL
    descriptionThis update for w3m fixes the following issues : - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95650
    published2016-12-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95650
    titleSUSE SLED12 / SLES12 Security Update : w3m (SUSE-SU-2016:3053-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_EAFA3AEC211B4DD49B8AA664A3F0917A.NASL
    descriptionMultiple remote code execution and denial of service conditions present.
    last seen2020-06-01
    modified2020-06-02
    plugin id96223
    published2017-01-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96223
    titleFreeBSD : w3m -- multiple vulnerabilities (eafa3aec-211b-4dd4-9b8a-a664a3f0917a)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-783E8FA63E.NASL
    descriptionSecurity fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633 ---- Update to latest upstream gitrev 20170102 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-03-22
    plugin id97866
    published2017-03-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97866
    titleFedora 24 : w3m (2017-783e8fa63e)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-08 (w3m: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in w3m. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition via a maliciously crafted HTML file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96239
    published2017-01-03
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96239
    titleGLSA-201701-08 : w3m: Multiple vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3214-1.NASL
    descriptionA large number of security issues were discovered in the w3m browser. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97522
    published2017-03-03
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97522
    titleUbuntu 12.04 LTS / 14.04 LTS : w3m vulnerabilities (USN-3214-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-2E6B693937.NASL
    descriptionSecurity fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633 And new upstream 20170102 as well Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-03-14
    plugin id97700
    published2017-03-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97700
    titleFedora 25 : w3m (2017-2e6b693937)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1457.NASL
    descriptionThis update for w3m fixes the following security issues (bsc#1011293) : - CVE-2016-9622: w3m: null deref (bsc#1012021) - CVE-2016-9623: w3m: null deref (bsc#1012022) - CVE-2016-9624: w3m: near-null deref (bsc#1012023) - CVE-2016-9625: w3m: stack overflow (bsc#1012024) - CVE-2016-9626: w3m: stack overflow (bsc#1012025) - CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) - CVE-2016-9628: w3m: null deref (bsc#1012027) - CVE-2016-9629: w3m: null deref (bsc#1012028) - CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) - CVE-2016-9631: w3m: null deref (bsc#1012030) - CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) - CVE-2016-9633: w3m: OOM (bsc#1012032) - CVE-2016-9434: w3m: null deref (bsc#1011283) - CVE-2016-9435: w3m: use uninit value (bsc#1011284) - CVE-2016-9436: w3m: use uninit value (bsc#1011285) - CVE-2016-9437: w3m: write to rodata (bsc#1011286) - CVE-2016-9438: w3m: null deref (bsc#1011287) - CVE-2016-9439: w3m: stack overflow (bsc#1011288) - CVE-2016-9440: w3m: near-null deref (bsc#1011289) - CVE-2016-9441: w3m: near-null deref (bsc#1011290) - CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) - CVE-2016-9443: w3m: null deref (bsc#1011292) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2016-12-14
    plugin id95792
    published2016-12-14
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95792
    titleopenSUSE Security Update : w3m (openSUSE-2016-1457)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-3046-1.NASL
    descriptionThis update for w3m fixes the following issues : - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95625
    published2016-12-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95625
    titleSUSE SLES11 Security Update : w3m (SUSE-SU-2016:3046-1)