Lynx, lynx-ssl, and lynx-cur prior to 2.8.6dev.8 allow remote malicious users to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
university of kansas lynx 2.8.3_dev22 |
||
university of kansas lynx 2.8.3_pre5 |
||
university of kansas lynx 2.8.5_dev4 |
||
university of kansas lynx 2.8.5_dev5 |
||
university of kansas lynx 2.7 |
||
university of kansas lynx 2.8 |
||
university of kansas lynx 2.8.4_rel1 |
||
university of kansas lynx 2.8.5 |
||
university of kansas lynx 2.8.1 |
||
university of kansas lynx 2.8.2_rel1 |
||
university of kansas lynx 2.8.3 |
||
university of kansas lynx 2.8.5_dev2 |
||
university of kansas lynx 2.8.5_dev3 |
||
university of kansas lynx 2.8.3_rel1 |
||
university of kansas lynx 2.8.4 |
||
university of kansas lynx 2.8.5_dev8 |
Vulmon