Denial of Service Vulnerability in Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8

Denial of Service Vulnerability in Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8

CVE-2004-1617 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

Learn more about our Web App Pen Testing.