CVE-2006-6772

Name of the Vulnerable Software and Affected Versions w3m versions prior to 0.5.2

Description The issue is related to a format string vulnerability in the inputAnswer function, which can be exploited remotely. This vulnerability may lead to a disruption in the confidentiality, integrity, and availability of protected information. The exploitation can occur when w3m is run with the dump or backend option and encounters format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.

Recommendations For versions prior to 0.5.2, update to version 0.5.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the dump or backend option when running w3m until a patch is applied. Restrict access to https URLs with potentially malicious SSL certificates to minimize the risk of exploitation.