thr3ads.net - Secure testing team - [Secure-testing-team] Bug#594300: CVE-2010-2810: Heap-based buffer overflow [Aug 2010]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2010-Aug-25 07:18 UTC

[Secure-testing-team] Bug#594300: CVE-2010-2810: Heap-based buffer overflow

Package: lynx-cur
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lynx-cur.

CVE-2010-2810[0]:
| Heap-based buffer overflow in the convert_to_idna function in
| WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through
| 2.8.8dev.4 allows remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a malformed
| URL containing a % (percent) character in the domain name.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2810
    http://security-tracker.debian.org/tracker/CVE-2010-2810

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkx0w80ACgkQNxpp46476aroEgCeL1nbj8J2tIr13q2y4Bc712rU
uncAnjVm0hTC4nESvaq7j1RV50gkVlQZ
=L8OU
-----END PGP SIGNATURE-----

Secure testing team - Aug 2010 - Bug#594300: CVE-2010-2810: Heap-based buffer overflow

[Secure-testing-team] Bug#594300: CVE-2010-2810: Heap-based buffer overflow