Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-2810

Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.

Related bugs and status

CVE-2010-2810 (Candidate) is related to these bugs:

Bug #613254: Heap overflow when parsing malformed URLs

Summary				In	Importance	Status
	613254	Heap overflow when parsing malformed URLs		lynx-cur (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.vupen.com/e...
MISC: http://www.ubuntu.com/...
MISC: http://marc.info/?l=os...
MISC: http://marc.info/?l=os...
MISC: https://bugs.launchpad...
MISC: https://exchange.xforc...