Description
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-131
Metadata
- Primary Vendor
- INVISIBLE-ISLAND
- Published
- 10/17/2005
- Last Modified
- 4/3/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
invisible-island : lynxdebian : debian_linuxdebian : debian_linux
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.