Lynx is reported to be prone to a format string vulnerability that is present when syslogging of URIs is enabled. The syslog() call that logs URIs omits format specifiers, so the logged URI is itself treated as the format string. If a logged URI contains attacker-supplied format specifiers, the condition is triggered in a vulnerable client. It may be exploited via a link to a malicious URI in a web page: when the link is visited and logged by the client, arbitrary locations in memory may be corrupted with attacker-supplied values. This may result in arbitrary code execution in the security context of the client.
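The logging pattern described above, next to its hardened form, as an added example that is not Lynx's own code. The names `count_conversions`, `render_uri` and `log_uri` and the sample URIs are hypothetical and constructed for illustration. The counter shows that even an ordinary percent-encoded URI contains sequences that syslog() would act on if the URI were passed as the format.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Count the printf-style conversions that syslog()/printf() would act on
 * if `s` were passed as the format argument. "%%" is a literal percent. */
int count_conversions(const char *s)
{
    int n = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                        /* step past '%' */
        if (*s == '%') { s++; continue; }           /* literal percent */
        s += strspn(s, "-+ #'0123456789*$");        /* flags, width, n$ */
        if (*s == '.') { s++; s += strspn(s, "0123456789*$"); }
        s += strspn(s, "hlqLjzt");                  /* length modifiers */
        /* 'm' is the strerror(errno) conversion that syslog() accepts */
        if (*s && strchr("diouxXeEfFgGaAcspnm", *s)) { n++; s++; }
    }
    return n;
}

/* What the hardened call records: the URI byte for byte, as data. */
int render_uri(char *out, size_t len, const char *uri)
{
    return snprintf(out, len, "%s", uri);
}

void log_uri(const char *uri)
{
    /* Vulnerable pattern (URI used as the format string):
     *     syslog(LOG_INFO, uri);
     * Hardened: constant format string, URI passed as an argument.
     * gcc and clang report the vulnerable form with -Wformat-security. */
    syslog(LOG_INFO, "%s", uri);
}

int main(void)
{
    /* Constructed sample URIs, not taken from any real traffic. */
    const char *samples[] = {
        "http://example.test/index.html",
        "http://example.test/a%20dog",      /* "%20d" parses as a conversion */
        "http://example.test/%x%s",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%d conversion(s) in %s\n",
               count_conversions(samples[i]), samples[i]);
        log_uri(samples[i]);                /* safe: logged verbatim */
    }
    return 0;
}
```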