Package: lynx
Version: 2.8.5-2
Severity: normal
Tags: security

The following page, if viewed in lynx, causes it to run out of memory:
http://lcamtuf.coredump.cx/mangleme/gallery/lynx_die1.html

This is CAN-2004-1617:

  Lynx allows remote attackers to cause a denial of service (infinite
  loop) via a web page or HTML email that contains invalid HTML
  including (1) a TEXTAREA tag with a large COLS value and (2) a large
  tag name in an element that is not terminated, as demonstrated by
  mangleme.

Details:
http://marc.theaimsgroup.com/?l=bugtraq&m=109811406620511&w=2
http://xforce.iss.net/xforce/xfdb/17804

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686-smp
Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968)

Versions of packages lynx depends on:
ii  libbz2-1.0     1.0.2-5         high-quality block-sorting file co
ii  libc6          2.3.2.ds1-20    GNU C Library: Shared libraries an
ii  libgnutls11    1.0.16-13       GNU TLS library - runtime library
ii  libncursesw5   5.4-4           Shared libraries for terminal hand
ii  zlib1g         1:1.2.2-4       compression library - runtime

-- no debconf information

-- 
see shy jo
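The two inputs named in the CAN-2004-1617 description (an oversized TEXTAREA COLS value and an overlong tag name in an unterminated element) are both cases of attacker-controlled sizes reaching the parser unchecked. The C sketch below is an added example, not code from lynx and not the fix applied to the package; the function names and the limits MAX_COLS, DEFAULT_COLS and MAX_TAG_NAME are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_COLS 1024     /* assumed ceiling for a TEXTAREA width */
#define DEFAULT_COLS 60   /* assumed fallback when the value is unusable */
#define MAX_TAG_NAME 64   /* assumed longest tag name the parser accepts */

/* Parse a COLS attribute value; the result is always within 1..MAX_COLS. */
int parse_cols(const char *value)
{
    char *end;
    long n;

    if (value == NULL) return DEFAULT_COLS;
    errno = 0;
    n = strtol(value, &end, 10);
    if (end == value || n < 1) return DEFAULT_COLS;      /* no digits, zero, negative */
    if (errno == ERANGE || n > MAX_COLS) return MAX_COLS; /* overflow or too wide */
    return (int)n;
}

/* Copy the tag name following '<' into out (capacity MAX_TAG_NAME + 1).
 * Returns its length, or -1 if the name is too long or no '>' follows. */
int read_tag_name(const char *p, char *out)
{
    size_t i = 0;

    while (isalnum((unsigned char)p[i])) {
        if (i == MAX_TAG_NAME) { out[0] = '\0'; return -1; } /* reject, never grow */
        out[i] = (char)tolower((unsigned char)p[i]);
        i++;
    }
    out[i] = '\0';
    for (const char *q = p + i; ; q++) {   /* element must be terminated */
        if (*q == '>') return (int)i;
        if (*q == '\0') return -1;
    }
}

int main(void)
{
    char name[MAX_TAG_NAME + 1];
    /* constructed sample inputs, not taken from the mangleme page */
    printf("cols=%d\n", parse_cols("99999999999"));
    printf("tag=%d\n", read_tag_name("textarea cols=99999999999", name));
    return 0;
}
```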