oss-sec mailing list archives
Re: CVE request: Lynx
From: Josh Bressers <bressers () redhat com>
Date: Mon, 9 Aug 2010 12:18:03 -0400 (EDT)
----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:
The Lynx browser is vulnerable to a heap overflow when parsing malformed URLs with a "%" character in the last two characters of the hostname. Reference: https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254
Please use CVE-2010-2810 for this.
From investigating this issue a bit, it looks like the flaw was introduced
in lynx version 2.8.8dev.1. The functionality that triggers this doesn't exist in any of the previous versions. Thanks. -- JB
Current thread:
- CVE request: Lynx Dan Rosenberg (Aug 09)
- Re: CVE request: Lynx Josh Bressers (Aug 09)