CVE-2004-1617
Lynx < 2.8.6dev.8 - Denial of Service via Large TEXTAREA COLS Value
Title source: llmDescription
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
References (11)
Core 11
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11443
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109811406620511&w=2
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1077
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1011809
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/435689/30/4740/threaded
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1076
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1085
Vendor Advisory mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html
Vendor Advisory x_refsource_misc
http://lcamtuf.coredump.cx/mangleme/gallery/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20383
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17804
Scores
EPSS
0.0375
EPSS Percentile
88.6%
Details
CWE
CWE-20
Status
published
Products (16)
university_of_kansas/lynx
2.7
university_of_kansas/lynx
2.8
university_of_kansas/lynx
2.8.1
university_of_kansas/lynx
2.8.2_rel1
university_of_kansas/lynx
2.8.3
university_of_kansas/lynx
2.8.3_dev22
university_of_kansas/lynx
2.8.3_pre5
university_of_kansas/lynx
2.8.3_rel1
university_of_kansas/lynx
2.8.4
university_of_kansas/lynx
2.8.4_rel1
... and 6 more
Published
Oct 18, 2004
Tracked Since
Feb 18, 2026