CVE-2023-4255: 
NixOS vulnerability analysis and mitigation

An out-of-bounds write vulnerability (CVE-2023-4255) was discovered in the W3M text-based web browser application. The vulnerability exists in the backspace handling of the checkType() function in etc.c. This security flaw was identified as an incomplete fix for a previous vulnerability (CVE-2022-38223) and was disclosed in December 2023 (NVD, Red Hat Bugzilla).

The vulnerability is triggered when processing specially crafted HTML files containing multiple backspace characters. In the checkType() function, the length of previous multi-char characters is stored in a buffer (plens_buffer) with a pointer (plens) indicating the current position. When encountering a backspace, plens is set to the previous position without proper bounds checking, leading to an out-of-bounds condition if there are more backspaces than previously processed multi-char characters. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, this vulnerability can lead to application crashes, resulting in a denial of service condition. The impact is primarily focused on availability, with no direct impact on confidentiality or integrity of the system (NVD).

A fix has been released through an upstream patch that implements proper bounds checking when handling backspace characters. The patch has been incorporated into various distributions including Fedora, Ubuntu, and Debian. Users are advised to update their w3m packages to the latest available versions (GitHub PR, Fedora Update).