CVE-2017-1000211 — Use After Free in Lynx

CWE-416 — Use After Free10 documents7 sources

Severity

5.3MEDIUMNVD

OSV7.5

EPSS

0.2%

top 56.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lynx Project Lynx Debian Lynx

Timeline

PublishedNov 17

Latest updateMay 14

Description

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/lynx< lynx 2.8.9dev16-1 (bookworm)

▶Debianlynx_project/lynx< 2.8.9dev16-1+3

▶NVDlynx_project/lynx2.8.9

🔴Vulnerability Details

GHSA

GHSA-6qv4-ghq2-3r52: Lynx before 2↗2022-05-14

▶

OSV

lynx vulnerabilities↗2021-03-15

▶

OSV

CVE-2017-1000211: Lynx before 2↗2017-11-17

▶

📋Vendor Advisories

Ubuntu

Lynx vulnerabilities↗2021-03-15

▶

Red Hat

lynx: Use after free in HTML.c:HTML_put_string() can lead to memory disclosure↗2017-12-06

▶

Debian

CVE-2017-1000211: lynx - Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser res...↗2017

▶

💬Community

Bugzilla

CVE-2017-1000211 lynx: Use after free in HTML.c:HTML_put_string() can lead to memory disclosure↗2017-12-06

▶

Bugzilla

CVE-2017-1000211 lynx: Use after free in HTML.c:HTML_put_string() can lead to memory disclosure [fedora-25]↗2017-12-06

▶

Bugzilla

CVE-2017-1000211 lynx: Use after free in HTML.c:HTML_put_string() can lead to memory disclosure [fedora-26]↗2017-12-06

▶