CVE-2010-2810
Lynx 2.8.8dev.1-2.8.8dev.4 - Heap-Based Buffer Overflow via Malformed URL Domain Name
Title source: llmDescription
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61007
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=128152412221677&w=2
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2042
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1642-1
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=128151768510564&w=2
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254
Scores
EPSS
0.0366
EPSS Percentile
88.3%
Details
CWE
CWE-119
Status
published
Products (1)
lynx/lynx
2.8.8 dev.1 (4 CPE variants)
Published
Aug 20, 2010
Tracked Since
Feb 18, 2026