CVE-2004-1617

NameCVE-2004-1617
DescriptionLynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1076-1, DSA-1077-1
NVD severitymedium (attack range: remote)
Debian Bugs296340, 384725
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
lynx-cur (PTS)squeeze2.8.8dev.5-1fixed
wheezy2.8.8dev.12-2fixed
stretch, jessie2.8.9dev1-2fixed
sid2.8.9dev5-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
lynxsource(unstable)2.8.5-2sarge1.2low296340, 384725
lynxsourcesarge2.8.5-2sarge2mediumDSA-1076-1
lynxsourcewoody2.8.4.1b-3.4mediumDSA-1076-1
lynx-cursource(unstable)2.8.6-6low
lynx-sslsource(unstable)(unfixed)medium
lynx-sslsourcewoody1:2.8.4.1b-3.3mediumDSA-1077-1

Search for package or bug name: Reporting problems