Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
2004-10-18T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | university_of_kansas | lynx | 2.7 | Yes |
| Application | university_of_kansas | lynx | 2.8 | Yes |
| Application | university_of_kansas | lynx | 2.8.1 | Yes |
| Application | university_of_kansas | lynx | 2.8.2_rel1 | Yes |
| Application | university_of_kansas | lynx | 2.8.3 | Yes |
| Application | university_of_kansas | lynx | 2.8.3_dev22 | Yes |
| Application | university_of_kansas | lynx | 2.8.3_pre5 | Yes |
| Application | university_of_kansas | lynx | 2.8.3_rel1 | Yes |
| Application | university_of_kansas | lynx | 2.8.4 | Yes |
| Application | university_of_kansas | lynx | 2.8.4_rel1 | Yes |
| Application | university_of_kansas | lynx | 2.8.5 | Yes |
| Application | university_of_kansas | lynx | 2.8.5_dev2 | Yes |
| Application | university_of_kansas | lynx | 2.8.5_dev3 | Yes |
| Application | university_of_kansas | lynx | 2.8.5_dev4 | Yes |
| Application | university_of_kansas | lynx | 2.8.5_dev5 | Yes |
| Application | university_of_kansas | lynx | 2.8.5_dev8 | Yes |