Intrusion Prevention

Lynx.NNTP.Article.Header.Buffer.Overflow

Description

It indicates a possible exploit of a Buffer Overflow vulnerability in Lynx. Lynx is vulnerable to a Buffer Overflow vulnerabilitiy when handling NNTP content such as "news:" or "nntp:" URIs. The overflow is located in the HTrjis function and occurs when parsing article headers. If the headers contain certain Asian characters it causes Lynx to add extra escape (ESC)characters, leading to the overflow condition.

Affected Products

University of Kansas Lynx 2.8.6 dev9 and earlier.

Impact

Compromise of the affected system or Denial of Service.

Recommended Actions

Upgrade to University of Kansas Lynx 2.8.6 dev14 or later.

CVE References

CVE-2005-3120