CVE-2005-3120

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-3120
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html Broken Link Patch Vendor Advisory
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html Broken Link
http://secunia.com/advisories/17150 Broken Link
http://secunia.com/advisories/17216 Broken Link
http://secunia.com/advisories/17230 Broken Link
http://secunia.com/advisories/17231 Broken Link
http://secunia.com/advisories/17238 Broken Link
http://secunia.com/advisories/17248 Broken Link
http://secunia.com/advisories/17340 Broken Link
http://secunia.com/advisories/17360 Broken Link
http://secunia.com/advisories/17444 Broken Link
http://secunia.com/advisories/17445 Broken Link
http://secunia.com/advisories/17480 Broken Link
http://secunia.com/advisories/18376 Broken Link
http://secunia.com/advisories/18584 Broken Link
http://secunia.com/advisories/20383 Broken Link
http://securitytracker.com/id?1015065 Broken Link Third Party Advisory VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm Third Party Advisory
http://www.debian.org/security/2005/dsa-874 Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-876 Mailing List Third Party Advisory
http://www.debian.org/security/2006/dsa-1085 Mailing List Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:186 Third Party Advisory
http://www.novell.com/linux/security/advisories/2005_25_sr.html Broken Link
http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html Broken Link
http://www.redhat.com/support/errata/RHSA-2005-803.html Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/419763/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/435689/30/4740/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/15117 Broken Link Third Party Advisory VDB Entry
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253 Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257 Broken Link
https://usn.ubuntu.com/206-1/ Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:invisible-island:lynx:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2005-10-17 20:06

Updated : 2024-02-02 14:00

NVD link : CVE-2005-3120

Mitre link : CVE-2005-3120

CVE.ORG link : CVE-2005-3120

JSON object : View

Products Affected

debian

  • debian_linux

invisible-island

  • lynx
CWE
CWE-131

Incorrect Calculation of Buffer Size