QwikSec

Security Database

CVE

CWE

Training

CVE-2006-6772

Published: Dec 27, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log

x_refsource_CONFIRM

FEDORA-2007-077

vendor-advisory

x_refsource_FEDORA

20061225 w3m format string bug

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_VUPEN

OpenPKG-SA-2006.44

vendor-advisory

x_refsource_OPENPKG

http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250

x_refsource_CONFIRM

w3m-certificate-format-string(31114)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

w3m-inputanswer-format-string(34821)

vdb-entry

x_refsource_XF

http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439

x_refsource_MISC

SUSE-SA:2007:005

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

FEDORA-2007-078

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.