CVE-2017-1000211

Опубликовано: 17 нояб. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.

Ссылки

http://lynx.invisible-island.net/current/CHANGES.html
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/102180
https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00021.html
http://lynx.invisible-island.net/current/CHANGES.html
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/102180
https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00021.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lynx_project:lynx:2.8.9:dev15:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.0043

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2017-1000211

CVSS3: 5.3

ubuntu

около 8 лет назад

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.

CVE-2017-1000211

CVSS3: 5.3

redhat

около 8 лет назад

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.

CVE-2017-1000211

CVSS3: 5.3

debian

около 8 лет назад

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML ...

openSUSE-SU-2017:3198-1

suse-cvrf

около 8 лет назад

Security update for lynx

SUSE-SU-2017:3180-1

suse-cvrf

около 8 лет назад

Security update for lynx

EPSS

Процентиль: 62%

0.0043

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-416