CVE-2004-1617 in Lynx

Summary

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

Reservation

02/20/2005

Disclosure

10/18/2004

CPE

ready

CVSS

5.3

EPSS

0.03666

Activities

Very Low

Sources
