CVE 2016-9179
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
See the
CVE page on Mitre.org
for more details.