Vulnerability Description
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invisible-Island | Lynx | <= 2.8.6 |
| Debian | Debian Linux | 3.0 |
Related Weaknesses (CWE)
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt (Broken Link)
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt (Broken Link)
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html (Broken Link, Patch, Vendor Advisory)
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html (Broken Link)
- http://secunia.com/advisories/17150 (Broken Link)
- http://secunia.com/advisories/17216 (Broken Link)
- http://secunia.com/advisories/17230 (Broken Link)
- http://secunia.com/advisories/17231 (Broken Link)
- http://secunia.com/advisories/17238 (Broken Link)
- http://secunia.com/advisories/17248 (Broken Link)
- http://secunia.com/advisories/17340 (Broken Link)
- http://secunia.com/advisories/17360 (Broken Link)
- http://secunia.com/advisories/17444 (Broken Link)
- http://secunia.com/advisories/17445 (Broken Link)
- http://secunia.com/advisories/17480 (Broken Link)
FAQ
What is CVE-2005-3120?
CVE-2005-3120 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lyn...
How severe is CVE-2005-3120?
CVE-2005-3120 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2005-3120?
Check the references section above for vendor advisories and patch information. Affected products include: Invisible-Island Lynx, Debian Debian Linux.