Lucene search

[email protected]CVE-2017-1000211

HistoryNov 17, 2017 - 3:29 p.m.

CVE-2017-1000211

2017-11-1715:29:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2017-1000211

lynx

html parser

use after free

vulnerability

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.2%

JSON

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.

CPENameOperatorVersion
lynx_project:lynxlynx project lynxeq2.8.9

CPE	Name	Operator	Version
lynx_project:lynx	lynx project lynx	eq	2.8.9

References

lynx.invisible-island.net/current/CHANGES.html

www.securityfocus.com/bid/102180

github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9

lists.debian.org/debian-lts-announce/2017/11/msg00021.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for CVE-2017-1000211

ubuntucve1 mageia1 redhatcve1 fedora1 openvas5 nessus5 prion1 debiancve1 osv3 debian1 cvelist1 ubuntu1