CVE-2004-1617

EPSS 3.7%

lynx-ssl - programming error

Published: 10/18/2004Modified: 3/9/2026

Also known as:DSA-1077-1DEBIAN-CVE-2004-1617

Description

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

Affected packages (3)

Debian/lynxfrom 0, < 2.8.5-2sarge1.2
Debian/lynxfrom 0, < 2.8.4.1b-3.4
Debian/lynx-sslfrom 0, < 1:2.8.4.1b-3.3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2004-1617