5

CVE-2004-1617

Exploit
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme.  NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
University Of KansasLynx Version2.7
University Of KansasLynx Version2.8
University Of KansasLynx Version2.8.1
University Of KansasLynx Version2.8.2_rel1
University Of KansasLynx Version2.8.3
University Of KansasLynx Version2.8.3_dev22
University Of KansasLynx Version2.8.3_pre5
University Of KansasLynx Version2.8.3_rel1
University Of KansasLynx Version2.8.4
University Of KansasLynx Version2.8.4_rel1
University Of KansasLynx Version2.8.5
University Of KansasLynx Version2.8.5_dev2
University Of KansasLynx Version2.8.5_dev3
University Of KansasLynx Version2.8.5_dev4
University Of KansasLynx Version2.8.5_dev5
University Of KansasLynx Version2.8.5_dev8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.75% 0.885
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lcamtuf.coredump.cx/mangleme/gallery/
Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html
Vendor Advisory
http://marc.info/?l=bugtraq&m=109811406620511&w=2
http://secunia.com/advisories/20383
Vendor Advisory
http://securitytracker.com/id?1011809
http://www.debian.org/security/2006/dsa-1076
http://www.debian.org/security/2006/dsa-1077
http://www.debian.org/security/2006/dsa-1085
http://www.securityfocus.com/archive/1/435689/30/4740/threaded
http://www.securityfocus.com/bid/11443
Vendor Advisory
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/17804