Описание
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| lynx | fixed | 2.9.0dev.9-1 | experimental | package |
| lynx | fixed | 2.9.0dev.6-3 | package | |
| lynx | fixed | 2.9.0dev.6-3~deb11u1 | bullseye | package |
Примечания
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
Связанные уязвимости
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Уязвимость подкомпонента userinfo текстового веб-браузера Lynx, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю получить доступ к конфиденциальным данным