5
CVE-2004-1617
- EPSS 3.67%
- Veröffentlicht 18.10.2004 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginLynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
University Of Kansas ≫ Lynx Version2.7
University Of Kansas ≫ Lynx Version2.8
University Of Kansas ≫ Lynx Version2.8.1
University Of Kansas ≫ Lynx Version2.8.2_rel1
University Of Kansas ≫ Lynx Version2.8.3
University Of Kansas ≫ Lynx Version2.8.3_dev22
University Of Kansas ≫ Lynx Version2.8.3_pre5
University Of Kansas ≫ Lynx Version2.8.3_rel1
University Of Kansas ≫ Lynx Version2.8.4
University Of Kansas ≫ Lynx Version2.8.4_rel1
University Of Kansas ≫ Lynx Version2.8.5
University Of Kansas ≫ Lynx Version2.8.5_dev2
University Of Kansas ≫ Lynx Version2.8.5_dev3
University Of Kansas ≫ Lynx Version2.8.5_dev4
University Of Kansas ≫ Lynx Version2.8.5_dev5
University Of Kansas ≫ Lynx Version2.8.5_dev8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.67% | 0.867 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.