cbcvebase.
CVE-2005-3120
published 2005-10-17

CVE-2005-3120: Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers…

Priority: P353, critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 23.26% (97.5th percentile)
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | lynx | < lynx 2.8.5-2sarge1 (bookworm) | lynx 2.8.5-2sarge1 (bookworm) |
| invisible-island | lynx | <= 2.8.6 | |
| invisible-island | lynx | >= 0 < 2.8.5-2sarge1 | 2.8.5-2sarge1 |
| invisible-island | lynx | >= 0 < 2.8.5-2sarge1 | 2.8.5-2sarge1 |
| invisible-island | lynx | >= 0 < 2.8.5-2sarge1 | 2.8.5-2sarge1 |
| invisible-island | lynx | >= 0 < 2.8.5-2sarge1 | 2.8.5-2sarge1 |

CVSS provenance

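| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | HIGH | |
| vendor_redhat | | 9.8 | CRITICAL | |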