LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

lynx: denial of service

Package(s):lynx CVE #(s):CVE-2004-1617
Created:May 26, 2006 Updated:June 1, 2006
Description: The lynx text-mode web browser has a problem understanding invalid html involving the TEXTAREA tag. An infinite loop can happen, resulting in a denial of service.
Alerts:
Debian DSA-1085-1 2006-06-01
Debian DSA-1077-1 2006-05-26
Debian DSA-1076-1 2006-05-26
(Log in to post comments)

lynx: denial of service

Posted Jun 9, 2006 14:24 UTC (Fri) by kingdon (subscriber, #4526) [Link]

The DSA-1085-1 alert (but not the other two) also refers to a more serious sounding issue:

CAN-2005-3120

Ulf Härnhammar discovered a buffer overflow that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds