Computer Security
[EN] securityvulns.ru no-pyccku


lynx security vulnerabilities
Published:02.12.2012
Source:
SecurityVulns ID:12732
Type:client
Threat Level:
5/10
Description:Buffer oveflow, insufficient certificate check.
CVE:CVE-2012-5821 (Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.)
 CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.)
Original documentdocumentUBUNTU, [USN-1642-1] Lynx vulnerabilities (02.12.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod