CVE-2005-3120
lynx-ssl - buffer overflow
9.8 CRITICAL (CVSS 3.1)
EPSS 30.4%
Description
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
How to fix CVE-2005-3120
To remediate CVE-2005-3120, upgrade the affected package to one of the fixed versions listed below.
- Debian/lynx—upgrade to 2.8.5-2sarge1 or later
- —upgrade to 2.8.4.1b-3.3 or later
- —upgrade to 2.8.4.1b-3.2 or later
- —upgrade to 2.8.5-2.5woody1 or later
Is CVE-2005-3120 being exploited?
Moderate: EPSS is 30.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 2.8.5-2sarge1
- from 0, < 2.8.4.1b-3.3
- from 0, < 2.8.4.1b-3.2
- from 0, < 2.8.5-2.5woody1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |