Vulnerability Details : CVE-2004-1617
Potential exploit
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2004-1617
- cpe:2.3:a:university_of_kansas:lynx:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3_dev22:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.2_rel1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.4_rel1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev8:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3_rel1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3_pre5:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev4:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev5:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev2:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1617
2.55%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1617
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2004-1617
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-1617
-
http://www.securityfocus.com/bid/11443
Exploit;Vendor Advisory
-
http://www.debian.org/security/2006/dsa-1085
[SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities
-
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html
[Full-Disclosure] Mailing List CharterVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17804
Lynx denial of service CVE-2004-1617 Vulnerability Report
-
http://lcamtuf.coredump.cx/mangleme/gallery/
wrong number (404)Vendor Advisory
-
http://marc.info/?l=bugtraq&m=109811406620511&w=2
'Web browsers - a mini-farce' - MARC
-
http://www.securityfocus.com/archive/1/435689/30/4740/threaded
-
http://www.debian.org/security/2006/dsa-1077
[SECURITY] [DSA 1077-1] New lynx-ssl packages fix denial of service
-
http://www.debian.org/security/2006/dsa-1076
[SECURITY] [DSA 1076-1] New lynx packages fix denial of service
-
http://securitytracker.com/id?1011809
Access Denied
Jump to