CVE-2010-2810

Lynx 2.8.8dev.1-2.8.8dev.4 - Heap-Based Buffer Overflow via Malformed URL Domain Name

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61007
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128152412221677&w=2
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2042
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1642-1
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128151768510564&w=2

Scores

EPSS 0.0366
EPSS Percentile 88.3%

Details

CWE
CWE-119
Status published
Products (1)
lynx/lynx 2.8.8 dev.1 (4 CPE variants)
Published Aug 20, 2010
Tracked Since Feb 18, 2026