CVE-2021-38165

Published: 07/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

Lynx up to and including 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote malicious users to discover cleartext credentials because they may appear in SNI data.

Vulnerable Product

lynx project lynx

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Thorsten Glaser and Axel Beckert reported that lynx, a non-graphical (text-mode) web browser, does not properly handle the userinfo subcomponent of a URI, which can lead to leaking of credentials in cleartext in SNI data. For the stable distribution (buster), this problem has been fixed in version 2.8.9rel.1-3+deb10u1. We recommend that you upgrade ...
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data (CVE-2021-38165) ...
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data ...
HTParse in Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data or HTTP headers ...

Mailing Lists

oss-sec mailing list archives: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circu ...
oss-sec mailing list archives: Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some c ...

Github Repositories

Various patches for yiffOS packages. Mirror of https://git.yiffos.gay/Core/patches

patches: Various patches for yiffOS packages

linux:
linux/good_panic_message - Changes the kernel panic message to be better
linux/config - Kernel compile config - Partly from Arch Linux
linux/package-kernelsh - Kernel packaging script

glibc:
glibc/fhs-runtime - Patches GLibc for FHS runtime directory compliance - From Linux From Scratch

pahole:
pahole/buildcmd-prefix-and