CVE-2005-3120

high-risk
Published 2005-10-17

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

Do I need to act?

!
30.4% chance of exploitation in next 30 days
EPSS score — higher than 70% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
1256
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Debian Invisible-Island

References (70)

Broken Link ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt
Broken Link ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt
Broken Link http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html
Broken Link http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
Broken Link http://secunia.com/advisories/17150
Broken Link http://secunia.com/advisories/17216
Broken Link http://secunia.com/advisories/17230
Broken Link http://secunia.com/advisories/17231
Broken Link http://secunia.com/advisories/17238
Broken Link http://secunia.com/advisories/17248
Broken Link http://secunia.com/advisories/17340
Broken Link http://secunia.com/advisories/17360
Broken Link http://secunia.com/advisories/17444
Broken Link http://secunia.com/advisories/17445
Broken Link http://secunia.com/advisories/17480
Broken Link http://secunia.com/advisories/18376
Broken Link http://secunia.com/advisories/18584
Broken Link http://secunia.com/advisories/20383
Broken Link http://securitytracker.com/id?1015065
Broken Link http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware...
and 50 more references
64
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 23/34 · High
Exposure 9/34 · Low