CVE-2004-1617 - 漏洞详情

CVE-2004-1617 (CNNVD-200410-024)

MEDIUM

中文标题:

Lynx Malformed HTML无限循环服务拒绝漏洞

英文标题:

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (...

CVSS分数: 5.0

发布时间: 2005-02-20 05:00:00

漏洞类型: 授权问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Lynx，lynx-ssl，lynx-cur2.8.6 dev.8之前的版本存在漏洞。远程攻击者可以借助包含无效HTML的网页或HTML邮件导致服务拒绝（无限循环），包括（1）带有超大COLS值的TEXTAREA标签和（2）未终止元素的超大标签名。

英文描述:

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

CWE类型:

CWE-20

受影响产品

厂商	产品	版本	版本范围	平台	CPE
university_of_kansas	lynx	2.7	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.7:::::::*`
university_of_kansas	lynx	2.8	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8:::::::*`
university_of_kansas	lynx	2.8.1	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.1:::::::*`
university_of_kansas	lynx	2.8.2_rel1	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.2_rel1:::::::*`
university_of_kansas	lynx	2.8.3	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.3:::::::*`
university_of_kansas	lynx	2.8.3_dev22	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.3_dev22:::::::*`
university_of_kansas	lynx	2.8.3_pre5	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.3_pre5:::::::*`
university_of_kansas	lynx	2.8.3_rel1	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.3_rel1:::::::*`
university_of_kansas	lynx	2.8.4	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.4:::::::*`
university_of_kansas	lynx	2.8.4_rel1	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.4_rel1:::::::*`
university_of_kansas	lynx	2.8.5	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.5:::::::*`
university_of_kansas	lynx	2.8.5_dev2	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev2:::::::*`
university_of_kansas	lynx	2.8.5_dev3	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev3:::::::*`
university_of_kansas	lynx	2.8.5_dev4	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev4:::::::*`
university_of_kansas	lynx	2.8.5_dev5	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev5:::::::*`
university_of_kansas	lynx	2.8.5_dev8	-	-	`cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev8:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

11443 vdb-entry
cve.org

访问

20041018 Web browsers - a mini-farce mailing-list
cve.org

访问

DSA-1077 vendor-advisory
cve.org

访问

1011809 vdb-entry
cve.org

访问

20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities mailing-list
cve.org

访问

DSA-1076 vendor-advisory
cve.org

访问

DSA-1085 vendor-advisory
cve.org

访问

20041018 Web browsers - a mini-farce mailing-list
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

20383 third-party-advisory
cve.org

访问

lynx-dos(17804) vdb-entry
cve.org

访问

CVSS评分详情

5.0

MEDIUM

CVSS向量: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS版本: 2.0

机密性

NONE

完整性

NONE

可用性

PARTIAL

时间信息

发布时间:

2005-02-20 05:00:00

修改时间:

2024-08-08 01:00:36

创建时间:

2025-11-11 15:32:22

更新时间:

2025-11-11 15:48:54

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2004-1617`	2025-11-11 15:17:30	2025-11-11 07:32:22
NVD	`nvd_CVE-2004-1617`	2025-11-11 14:50:55	2025-11-11 07:41:09
CNNVD	`cnnvd_CNNVD-200410-024`	2025-11-11 15:08:44	2025-11-11 07:48:54

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:48:54

vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200410-024; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 授权问题
cnnvd_id: 未提取 -> CNNVD-200410-024
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:41:09

cvss_score: 未提取 → 5.0; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:N/I:N/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 16; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

cvss_score: 未提取 -> 5.0
cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 16
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2004-1617 (CNNVD-200410-024)

中文标题:

Lynx Malformed HTML无限循环服务拒绝漏洞

英文标题:

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史