Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-3120

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

Published

2005-10-17T20:06:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-131

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	invisible-island	lynx	≤ 2.8.6	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.1	Yes

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt Broken Link ([email protected])
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt Broken Link ([email protected])
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html Broken Link, Patch, Vendor Advisory ([email protected])
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html Broken Link ([email protected])
http://secunia.com/advisories/17150 Broken Link ([email protected])
http://secunia.com/advisories/17216 Broken Link ([email protected])
http://secunia.com/advisories/17230 Broken Link ([email protected])
http://secunia.com/advisories/17231 Broken Link ([email protected])
http://secunia.com/advisories/17238 Broken Link ([email protected])
http://secunia.com/advisories/17248 Broken Link ([email protected])
http://secunia.com/advisories/17340 Broken Link ([email protected])
http://secunia.com/advisories/17360 Broken Link ([email protected])
http://secunia.com/advisories/17444 Broken Link ([email protected])
http://secunia.com/advisories/17445 Broken Link ([email protected])
http://secunia.com/advisories/17480 Broken Link ([email protected])
http://secunia.com/advisories/18376 Broken Link ([email protected])
http://secunia.com/advisories/18584 Broken Link ([email protected])
http://secunia.com/advisories/20383 Broken Link ([email protected])
http://securitytracker.com/id?1015065 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056 Broken Link ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm Third Party Advisory ([email protected])
http://www.debian.org/security/2005/dsa-874 Mailing List, Third Party Advisory ([email protected])
http://www.debian.org/security/2005/dsa-876 Mailing List, Third Party Advisory ([email protected])
http://www.debian.org/security/2006/dsa-1085 Mailing List, Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2005:186 Third Party Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2005_25_sr.html Broken Link ([email protected])
http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2005-803.html Broken Link, Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/419763/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/435689/30/4740/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/15117 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253 Issue Tracking ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257 Broken Link ([email protected])
https://usn.ubuntu.com/206-1/ Broken Link ([email protected])
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt Broken Link (af854a3a-2127-422b-91ae-364da2661108)
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17150 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17216 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17230 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17231 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17238 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17248 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17340 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17360 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17444 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17445 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17480 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18376 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18584 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20383 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015065 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2005/dsa-874 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2005/dsa-876 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1085 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:186 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2005_25_sr.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2005-803.html Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/419763/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/435689/30/4740/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/15117 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/206-1/ Broken Link (af854a3a-2127-422b-91ae-364da2661108)