83263 – Segfaults with some SSL hosts

Bug 83263 - Segfaults with some SSL hosts

Summary: Segfaults with some SSL hosts

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Raw Hide
Classification:	Retired
Component:	w3m
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Akira TAGOH
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-02-01 02:32 UTC by Enrico Scholz
Modified:	2008-05-01 15:38 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2003-02-03 09:13:54 UTC
Embargoed:

Attachments	(Terms of Use)

Description Enrico Scholz 2003-02-01 02:32:09 UTC

Description of problem:

| $ w3m https://www.tu-chemnitz.de
| Segmentation fault

Other hosts are working fine (e.g. https://www.redhat.com)

I have not tested if/how this can be exploited, but segfaults which are caused
by remote server-certificates are smelling like a security leak.


Version-Release number of selected component (if applicable):

w3m-0.3.2.2-3
openssl-0.9.7-4


How reproducible:

100%

Comment 1 Akira TAGOH 2003-02-03 08:00:13 UTC

I think it's not vulnerable.

Comment 2 Akira TAGOH 2003-02-03 09:13:54 UTC

fixed in 0.3.2.2-5.

Note You need to log in before you can comment on or make changes to this bug.