Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 up to and including 2.8.8dev.4 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lynx lynx 2.8.8 |