Heap-based buffer overflow in the convert_to_idna function in
WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4
allows remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a malformed URL containing a %
(percent) character in the domain name.