Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
Software | From | Fixed in |
---|---|---|
university_of_kansas / lynx | 2.7 | 2.7.x |
university_of_kansas / lynx | 2.8 | 2.8.x |
university_of_kansas / lynx | 2.8.1 | 2.8.1.x |
university_of_kansas / lynx | 2.8.2_rel1 | 2.8.2_rel1.x |
university_of_kansas / lynx | 2.8.3 | 2.8.3.x |
university_of_kansas / lynx | 2.8.3_dev22 | 2.8.3_dev22.x |
university_of_kansas / lynx | 2.8.3_pre5 | 2.8.3_pre5.x |
university_of_kansas / lynx | 2.8.3_rel1 | 2.8.3_rel1.x |
university_of_kansas / lynx | 2.8.4 | 2.8.4.x |
university_of_kansas / lynx | 2.8.4_rel1 | 2.8.4_rel1.x |
university_of_kansas / lynx | 2.8.5 | 2.8.5.x |
university_of_kansas / lynx | 2.8.5_dev2 | 2.8.5_dev2.x |
university_of_kansas / lynx | 2.8.5_dev3 | 2.8.5_dev3.x |
university_of_kansas / lynx | 2.8.5_dev4 | 2.8.5_dev4.x |
university_of_kansas / lynx | 2.8.5_dev5 | 2.8.5_dev5.x |
university_of_kansas / lynx | 2.8.5_dev8 | 2.8.5_dev8.x |