CVE-2005-3120
published 2005-10-17CVE-2005-3120: Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers…
PriorityP353critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
23.26%
97.5th percentile
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | lynx | < lynx 2.8.5-2sarge1 (bookworm) | lynx 2.8.5-2sarge1 (bookworm) |
| invisible-island | lynx | <= 2.8.6 | — |
| invisible-island | lynx | >= 0 < 2.8.5-2sarge1 | 2.8.5-2sarge1 |
| invisible-island | lynx | >= 0 < 2.8.5-2sarge1 | 2.8.5-2sarge1 |
| invisible-island | lynx | >= 0 < 2.8.5-2sarge1 | 2.8.5-2sarge1 |
| invisible-island | lynx | >= 0 < 2.8.5-2sarge1 | 2.8.5-2sarge1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8HIGH
vendor_redhat9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Lynx vulnerability
vendor_ubuntu·2005-10-17
CVE-2005-3120 Lynx vulnerability
Title: Lynx vulnerability
Summary: Lynx vulnerability
Ulf Harnhammar discovered a remote vulnerability in Lynx when
connecting to a news server (NNTP). The function that added missing
escape chararacters to article headers did not check the size of the
target buffer. Specially crafted news entries could trigger a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the user running lynx. In order to exploit this, the
user is not even required to actively visit a news site with Lynx
since a malicious HTML page could automatically redirect to an nntp://
URL with malicious news items.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
CAN-2005-3120 lynx buffer overflow
vendor_redhat·2005-10-17·CVSS 9.8
CVE-2005-3120 [CRITICAL] CAN-2005-3120 lynx buffer overflow
CAN-2005-3120 lynx buffer overflow
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2005-3120: lynx - Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier all...
vendor_debian·2005·CVSS 9.8
CVE-2005-3120 [CRITICAL] CVE-2005-3120: lynx - Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier all...
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
Scope: local
bookworm: resolved (fixed in 2.8.5-2sarge1)
bullseye: resolved (fixed in 2.8.5-2sarge1)
forky: resolved (fixed in 2.8.5-2sarge1)
sid: resolved (fixed in 2.8.5-2sarge1)
trixie: resolved (fixed in 2.8.5-2sarge1)
GHSA
GHSA-c6vg-33v6-g8vm: Stack-based buffer overflow in the HTrjis function in Lynx 2
ghsa_unreviewed·2022-05-03
CVE-2005-3120 [HIGH] GHSA-c6vg-33v6-g8vm: Stack-based buffer overflow in the HTrjis function in Lynx 2
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
OSV
CVE-2005-3120: Stack-based buffer overflow in the HTrjis function in Lynx 2
osv·2005-10-17·CVSS 9.8
CVE-2005-3120 [CRITICAL] CVE-2005-3120: Stack-based buffer overflow in the HTrjis function in Lynx 2
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
No detection rules found.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txtftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txthttp://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.htmlhttp://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.htmlhttp://secunia.com/advisories/17150http://secunia.com/advisories/17216http://secunia.com/advisories/17230http://secunia.com/advisories/17231http://secunia.com/advisories/17238http://secunia.com/advisories/17248http://secunia.com/advisories/17340http://secunia.com/advisories/17360http://secunia.com/advisories/17444http://secunia.com/advisories/17445http://secunia.com/advisories/17480http://secunia.com/advisories/18376http://secunia.com/advisories/18584http://secunia.com/advisories/20383http://securitytracker.com/id?1015065http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056http://support.avaya.com/elmodocs2/security/ASA-2006-010.htmhttp://www.debian.org/security/2005/dsa-874http://www.debian.org/security/2005/dsa-876http://www.debian.org/security/2006/dsa-1085http://www.gentoo.org/security/en/glsa/glsa-200510-15.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:186http://www.novell.com/linux/security/advisories/2005_25_sr.htmlhttp://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.htmlhttp://www.redhat.com/support/errata/RHSA-2005-803.htmlhttp://www.securityfocus.com/archive/1/419763/100/0/threadedhttp://www.securityfocus.com/archive/1/435689/30/4740/threadedhttp://www.securityfocus.com/bid/15117https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257https://usn.ubuntu.com/206-1/ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txtftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txthttp://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.htmlhttp://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.htmlhttp://secunia.com/advisories/17150http://secunia.com/advisories/17216http://secunia.com/advisories/17230http://secunia.com/advisories/17231http://secunia.com/advisories/17238http://secunia.com/advisories/17248http://secunia.com/advisories/17340http://secunia.com/advisories/17360http://secunia.com/advisories/17444http://secunia.com/advisories/17445http://secunia.com/advisories/17480http://secunia.com/advisories/18376http://secunia.com/advisories/18584http://secunia.com/advisories/20383http://securitytracker.com/id?1015065http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056http://support.avaya.com/elmodocs2/security/ASA-2006-010.htmhttp://www.debian.org/security/2005/dsa-874http://www.debian.org/security/2005/dsa-876http://www.debian.org/security/2006/dsa-1085http://www.gentoo.org/security/en/glsa/glsa-200510-15.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:186http://www.novell.com/linux/security/advisories/2005_25_sr.htmlhttp://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.htmlhttp://www.redhat.com/support/errata/RHSA-2005-803.htmlhttp://www.securityfocus.com/archive/1/419763/100/0/threadedhttp://www.securityfocus.com/archive/1/435689/30/4740/threadedhttp://www.securityfocus.com/bid/15117https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257https://usn.ubuntu.com/206-1/
2005-10-17
Published