Unrated severityNVD Advisory· Published Oct 18, 2004· Updated Apr 16, 2026
CVE-2004-1617
CVE-2004-1617
Description
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
Affected products
16cpe:2.3:a:university_of_kansas:lynx:2.7:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:university_of_kansas:lynx:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.2_rel1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3_dev22:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3_pre5:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3_rel1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.4_rel1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev2:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev3:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev4:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev5:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- www.securityfocus.com/bid/11443nvdExploitVendor Advisory
- lcamtuf.coredump.cx/mangleme/gallery/nvdVendor Advisory
- lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.htmlnvdVendor Advisory
- secunia.com/advisories/20383nvdVendor Advisory
- marc.infonvd
- securitytracker.com/idnvd
- www.debian.org/security/2006/dsa-1076nvd
- www.debian.org/security/2006/dsa-1077nvd
- www.debian.org/security/2006/dsa-1085nvd
- www.securityfocus.com/archive/1/435689/30/4740/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17804nvd
News mentions
0No linked articles in our index yet.