9.8

CVE-2005-3120

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Invisible-islandLynx Version <= 2.8.6
DebianDebian Linux Version3.0
DebianDebian Linux Version3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.26% 0.975
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

http://secunia.com/advisories/20383
Broken Link
http://www.debian.org/security/2006/dsa-1085
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/435689/30/4740/threaded
Third Party Advisory
Broken Link
VDB Entry
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
Broken Link
http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:186
Third Party Advisory
http://www.securityfocus.com/bid/15117
Third Party Advisory
Broken Link
VDB Entry
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt
Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt
Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html
Patch
Vendor Advisory
Broken Link
http://secunia.com/advisories/17150
Broken Link
http://secunia.com/advisories/17216
Broken Link
http://secunia.com/advisories/17230
Broken Link
http://secunia.com/advisories/17231
Broken Link
http://secunia.com/advisories/17238
Broken Link
http://secunia.com/advisories/17248
Broken Link
http://secunia.com/advisories/17340
Broken Link
http://secunia.com/advisories/17360
Broken Link
http://secunia.com/advisories/17444
Broken Link
http://secunia.com/advisories/17445
Broken Link
http://secunia.com/advisories/17480
Broken Link
http://secunia.com/advisories/18376
Broken Link
http://secunia.com/advisories/18584
Broken Link
http://securitytracker.com/id?1015065
Third Party Advisory
Broken Link
VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm
Third Party Advisory
http://www.debian.org/security/2005/dsa-874
Third Party Advisory
Mailing List
http://www.debian.org/security/2005/dsa-876
Third Party Advisory
Mailing List
http://www.novell.com/linux/security/advisories/2005_25_sr.html
Broken Link
http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-803.html
Vendor Advisory
Broken Link
http://www.securityfocus.com/archive/1/419763/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257
Broken Link
https://usn.ubuntu.com/206-1/
Broken Link