CVE-2004-1617 in Lynxinformazioni

Riassunto

di MITRE

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

20/02/2005

Divulgazione

18/10/2004

Moderazione

accettato

Voce

VDB-22295

CPE

pronto

CWE

CWE-20 (confermato)

CVSS

5.0 (NVD)

EPSS

0.03752

KEV

Attività

molto basso

Settore

Education, Hostingprovider, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-1617
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1617
CVE Details	https://www.cvedetails.com/cve/CVE-2004-1617/

◂ Precedente Visione D'ensemble Il prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!