rpm package
suse/lynx&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/lynx&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1000211 | Med | 5.3 | < 2.8.6-146.3.1 | 2.8.6-146.3.1 | Nov 17, 2017 | Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. | |
| CVE-2016-9179 | Hig | 7.5 | < 2.8.6-145.1 | 2.8.6-145.1 | Dec 22, 2016 | lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. |
- affected < 2.8.6-146.3.1fixed 2.8.6-146.3.1
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.
- affected < 2.8.6-145.1fixed 2.8.6-145.1
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.