Bug 83263 - Segfaults with some SSL hosts
Summary: Segfaults with some SSL hosts
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: w3m
Version: 1.0
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Akira TAGOH
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-02-01 02:32 UTC by Enrico Scholz
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-02-03 09:13:54 UTC
Embargoed:


Attachments (Terms of Use)

Description Enrico Scholz 2003-02-01 02:32:09 UTC
Description of problem:

| $ w3m https://www.tu-chemnitz.de
| Segmentation fault

Other hosts are working fine (e.g. https://www.redhat.com)

I have not tested if/how this can be exploited, but segfaults which are caused
by remote server-certificates are smelling like a security leak.


Version-Release number of selected component (if applicable):

w3m-0.3.2.2-3
openssl-0.9.7-4


How reproducible:

100%

Comment 1 Akira TAGOH 2003-02-03 08:00:13 UTC
I think it's not vulnerable.

Comment 2 Akira TAGOH 2003-02-03 09:13:54 UTC
fixed in 0.3.2.2-5.



Note You need to log in before you can comment on or make changes to this bug.