CVE-2005-3120
Published: 17 October 2005
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
Priority
Status
Package | Release | Status |
---|---|---|
lynx Launchpad, Ubuntu, Debian |
dapper |
Released
(2.8.5-2ubuntu1)
|
edgy |
Released
(2.8.5-2ubuntu1)
|
|
feisty |
Released
(2.8.5-2ubuntu1)
|
|
upstream |
Needs triage
|
|
lynx-cur Launchpad, Ubuntu, Debian |
dapper |
Released
(2.8.6-18)
|
edgy |
Released
(2.8.6-18)
|
|
feisty |
Released
(2.8.6-18)
|
|
upstream |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |