CVE-2010-2810
Published: 20 August 2010
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
Priority
Status
Package | Release | Status |
---|---|---|
lynx-cur Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Released
(2.8.8dev.2-1ubuntu0.1)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Not vulnerable
(2.8.8dev.7-1)
|
|
oneiric |
Not vulnerable
(2.8.8dev.7-1)
|
|
precise |
Not vulnerable
(2.8.8dev.7-1)
|
|
quantal |
Not vulnerable
(2.8.8dev.7-1)
|
|
upstream |
Released
(2.8.8dev.5-1)
|
|
Patches: other: https://bugs.edge.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254 |