Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1522617 (CVE-2017-1000211) - CVE-2017-1000211 lynx: Use after free in HTML.c:HTML_put_string() can lead to memory disclosure
Summary: CVE-2017-1000211 lynx: Use after free in HTML.c:HTML_put_string() can lead to...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-1000211
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1522618 1522619
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-12-06 06:06 UTC by Sam Fowler
Modified: 2021-02-17 01:10 UTC (History)
1 user (show)

Fixed In Version: lynx 2.8.9dev.16
Clone Of:
Environment:
Last Closed: 2017-12-12 10:01:35 UTC
Embargoed:


Attachments (Terms of Use)

Description Sam Fowler 2017-12-06 06:06:04 UTC
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML.c:HTML_put_string() can append a chunk onto itself.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000211
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000211.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000211
https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9

Comment 1 Sam Fowler 2017-12-06 06:06:34 UTC
Created lynx tracking bugs for this issue:

Affects: fedora-25 [bug 1522618]
Affects: fedora-26 [bug 1522619]

Comment 2 Kamil Dudka 2017-12-06 08:58:30 UTC
It makes no sense to create tracking bugs for each release of Fedora separately when they both describe the same issue.  Moreover, Fedora 25 will shortly reach EOL, so the f25 update would hardly ever reach stable update repositories...

Comment 4 Stefan Cornelius 2017-12-12 10:01:43 UTC
Statement:

This issue did not affect the versions of lynx as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the versions of lynx as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.


Note You need to log in before you can comment on or make changes to this bug.