Vulnerability Description
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lynx Project | Lynx | 2.8.9 |
Related Weaknesses (CWE)
References
- http://lynx.invisible-island.net/current/CHANGES.html (Release Notes, Vendor Advisory)
- http://www.securityfocus.com/bid/102180
- https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc090 (Release Notes, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2017/11/msg00021.html
FAQ
What is CVE-2017-1000211?
CVE-2017-1000211 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.
How severe is CVE-2017-1000211?
CVE-2017-1000211 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-1000211?
Check the references section above for vendor advisories and patch information. Affected products include: Lynx Project Lynx.