Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3120 — Incorrect Calculation of Buffer Size in Lynx

CWE-131 — Incorrect Calculation of Buffer Size9 documents9 sources

Severity

9.8CRITICALNVD

EPSS

30.4%

top 3.28%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Invisible-island Lynx Debian Lynx Debian Linux

Timeline

PublishedOct 17

Latest updateMay 3

Description

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/lynx< lynx 2.8.5-2sarge1 (bookworm)

▶Debianinvisible-island/lynx< 2.8.5-2sarge1+3

▶NVDinvisible-island/lynx2.8.6

Also affects: Debian Linux 3.0, 3.1

Patches

Patch: lists.grok.org.uk ↗Patch: lists.grok.org.uk ↗

🔴Vulnerability Details

GHSA

GHSA-c6vg-33v6-g8vm: Stack-based buffer overflow in the HTrjis function in Lynx 2↗2022-05-03

▶

OSV

CVE-2005-3120: Stack-based buffer overflow in the HTrjis function in Lynx 2↗2005-10-17

▶

💥Exploits & PoCs

Exploit-DB

Lynx 2.8.6dev.13 - Remote Buffer Overflow (PoC)↗2005-10-17

▶

📋Vendor Advisories

Ubuntu

Lynx vulnerability↗2005-10-17

▶

Red Hat

CAN-2005-3120 lynx buffer overflow↗2005-10-17

▶

Debian

CVE-2005-3120: lynx - Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier all...↗2005

▶

📐Framework References

CWE

Incorrect Calculation of Buffer Size↗

▶

💬Community

Bugzilla

Lynx issues (CVE-2005-2929 and CVE-2005-3120)↗2004-10-29

▶