CVE-2004-1617

Published: Oct 18, 2004Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

Affected (16)

Products: University Of Kansas: Lynx

University Of Kansas

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
University Of Kansas Lynx	Version 2.7
University Of Kansas Lynx	Version 2.8.1
University Of Kansas Lynx	Version 2.8.2_rel1
University Of Kansas Lynx	Version 2.8.3
University Of Kansas Lynx	Version 2.8.3_dev22
University Of Kansas Lynx	Version 2.8.3_pre5
University Of Kansas Lynx	Version 2.8.3_rel1
University Of Kansas Lynx	Version 2.8.4
University Of Kansas Lynx	Version 2.8.4_rel1
University Of Kansas Lynx	Version 2.8.5
University Of Kansas Lynx	Version 2.8.5_dev2
University Of Kansas Lynx	Version 2.8.5_dev3
University Of Kansas Lynx	Version 2.8.5_dev4
University Of Kansas Lynx	Version 2.8.5_dev5
University Of Kansas Lynx	Version 2.8.5_dev8
University Of Kansas Lynx	Version 2.8

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://lcamtuf.coredump.cx/mangleme/gallery/

Source: cve@mitre.org

Vendor Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html

Source: cve@mitre.org

Vendor Advisory

http://marc.info/?l=bugtraq&m=109811406620511&w=2

Source: cve@mitre.org

http://secunia.com/advisories/20383

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1011809

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1076

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1077

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1085

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/435689/30/4740/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/11443

Source: cve@mitre.org

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17804

Source: cve@mitre.org

http://lcamtuf.coredump.cx/mangleme/gallery/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://marc.info/?l=bugtraq&m=109811406620511&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20383

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1011809

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2006/dsa-1076

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2006/dsa-1077

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2006/dsa-1085

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/435689/30/4740/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/11443

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17804

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.