CVE-2005-3120

critical

Description

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

References

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253

http://www.mandriva.com/security/advisories?name=MDKSA-2005:186

http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml

http://www.debian.org/security/2006/dsa-1085

http://www.debian.org/security/2005/dsa-876

http://www.debian.org/security/2005/dsa-874

http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm

Details

Source: Mitre, NVD

Published: 2005-10-17

Updated: 2024-02-02

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics