CVE-2017-1000211

EPSS 0.43%
Published 17.11.2017 15:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
CVE-Watchlists
Login
Open
Login

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Lynx Project ≫ Lynx Version2.8.9 Updatedev15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.43%	0.596

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://lynx.invisible-island.net/current/CHANGES.html

Vendor Advisory

Release Notes

http://www.securityfocus.com/bid/102180

https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9

Third Party Advisory

Release Notes

https://lists.debian.org/debian-lts-announce/2017/11/msg00021.html

https://nvd.nist.gov/vuln/detail/CVE-2017-1000211

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-1000211

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-1000211

EUVD