Ubuntu.comUB:CVE-2021-38165CVE-2021-38165
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.6%
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which
allows remote attackers to discover cleartext credentials because they may
appear in SNI data.
Bugs
References
www.openwall.com/lists/oss-security/2021/08/07/9
bugs.debian.org/991971
github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118
invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
launchpad.net/bugs/cve/CVE-2021-38165
lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
lynx.invisible-island.net/current/CHANGES.html
lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
nvd.nist.gov/vuln/detail/CVE-2021-38165
security-tracker.debian.org/tracker/CVE-2021-38165
ubuntu.com/security/notices/USN-4800-1
www.cve.org/CVERecord?id=CVE-2021-38165
www.openwall.com/lists/oss-security/2021/08/07/1
www.openwall.com/lists/oss-security/2021/08/07/11
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.6%