CVE-2006-6772

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
Configurations

Configuration 1 (hide)

cpe:2.3:a:w3m:w3m:0.5.1:*:*:*:*:*:*:*

History

07 Nov 2023, 01:59

Type Values Removed Values Added
References
  • {'url': 'http://w3m.cvs.sourceforge.net/*checkout*/w3m/w3m/NEWS?revision=1.79', 'name': 'http://w3m.cvs.sourceforge.net/*checkout*/w3m/w3m/NEWS?revision=1.79', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79 -

Information

Published : 2006-12-27 23:28

Updated : 2024-02-28 11:01


NVD link : CVE-2006-6772

Mitre link : CVE-2006-6772

CVE.ORG link : CVE-2006-6772


JSON object : View

Products Affected

w3m

  • w3m
CWE
CWE-134

Use of Externally-Controlled Format String