Denial Of Service (DoS)

2020-04-1000:39:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.016 Low

EPSS

Percentile

87.5%

JSON

elinks is vulnerable to denial of service (DoS). The vulnerability exists as a off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A remote attacker could use this flaw to create a specially-crafted HTML file that would cause ELinks to crash or, possibly, execute arbitrary code when rendered.

CPENameOperatorVersion
elinkseq0.11.1__5.1.el5
elinkseq0.11.1__5.1.0.1.el5
elinkseq0.11.1__5.1.el5
elinkseq0.11.1__5.1.0.1.el5

Name	Operator	Version
elinks	eq	0.11.1__5.1.el5
elinks	eq	0.11.1__5.1.0.1.el5
elinks	eq	0.11.1__5.1.el5
elinks	eq	0.11.1__5.1.0.1.el5

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347

linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html

osvdb.org/41949

www.redhat.com/security/updates/classification/#important

access.redhat.com/errata/RHSA-2009:1471

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10126

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for VERACODE:23885