CVE-2017-1000211

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-1000211
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000211.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000211
Downstream
Related
Published
2017-11-17T15:29:00.310Z
Modified
2026-04-16T06:18:41.333567715Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring() can append a chunk onto itself.

References

Affected packages

Git / github.com/ThomasDickey/lynx-snapshots

Affected ranges

Type
GIT
Repo
https://github.com/ThomasDickey/lynx-snapshots
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f3c226747c841f40c7a86c1dd07b478114dfcd6c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.9-dev15"
        }
    ]
}
Type
GIT
Repo
https://github.com/thomasdickey/lynx-snapshots
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
280a61b300a1614f6037efc0902ff7ecf17146e9

Affected versions

Other
2-8rel_3
v2-7-1
v2-7-1ac-0_111
v2-7-1ac-0_113
v2-7-1ac-0_114
v2-7-1ac-0_115
v2-7-1ac-0_117
v2-7-1ac_0-102
v2-7-1ac_0-105
v2-7-1ac_0-106
v2-7-1ac_0-110
v2-7-1ac_0-28
v2-7-1ac_0-30
v2-7-1ac_0-36
v2-7-1ac_0-38
v2-7-1ac_0-39
v2-7-1ac_0-42
v2-7-1ac_0-43
v2-7-1ac_0-45
v2-7-1ac_0-46
v2-7-1ac_0-47
v2-7-1ac_0-48
v2-7-1ac_0-52
v2-7-1ac_0-55
v2-7-1ac_0-56
v2-7-1ac_0-57
v2-7-1ac_0-58
v2-7-1ac_0-6
v2-7-1ac_0-60
v2-7-1ac_0-64
v2-7-1ac_0-67
v2-7-1ac_0-68
v2-7-1ac_0-69
v2-7-1ac_0-76
v2-7-1ac_0-84
v2-7-1ac_0-89
v2-7-1ac_0-93
v2-7-1ac_0-95
v2-7-1ac_0-97
v2-8-1dev_10
v2-8-1dev_11
v2-8-1dev_12
v2-8-1dev_13
v2-8-1dev_14
v2-8-1dev_16
v2-8-1dev_17
v2-8-1dev_18
v2-8-1dev_19
v2-8-1dev_2
v2-8-1dev_20
v2-8-1dev_21
v2-8-1dev_22
v2-8-1dev_23
v2-8-1dev_24
v2-8-1dev_25
v2-8-1dev_26
v2-8-1dev_28
v2-8-1dev_29
v2-8-1dev_3
v2-8-1dev_4
v2-8-1dev_5
v2-8-1dev_6
v2-8-1dev_7
v2-8-1dev_8
v2-8-1dev_9
v2-8-1pre_1
v2-8-1pre_10
v2-8-1pre_11
v2-8-1pre_2
v2-8-1pre_3
v2-8-1pre_4
v2-8-1pre_5
v2-8-1pre_6
v2-8-1pre_7
v2-8-1pre_8
v2-8-1pre_9
v2-8-1rel_1
v2-8-1rel_2
v2-8-2dev_1
v2-8-2dev_10
v2-8-2dev_11
v2-8-2dev_12
v2-8-2dev_13
v2-8-2dev_14
v2-8-2dev_15
v2-8-2dev_16
v2-8-2dev_17
v2-8-2dev_18
v2-8-2dev_19
v2-8-2dev_2
v2-8-2dev_20
v2-8-2dev_21
v2-8-2dev_22
v2-8-2dev_23
v2-8-2dev_24
v2-8-2dev_25
v2-8-2dev_26
v2-8-2dev_3
v2-8-2dev_4
v2-8-2dev_5
v2-8-2dev_6
v2-8-2dev_7
v2-8-2dev_8
v2-8-2dev_9
v2-8-2pre_1
v2-8-2pre_10
v2-8-2pre_11
v2-8-2pre_2
v2-8-2pre_3
v2-8-2pre_4
v2-8-2pre_5
v2-8-2pre_6
v2-8-2pre_7
v2-8-2pre_8
v2-8-2pre_9
v2-8-2rel_1
v2-8-3_3
v2-8-3dev_1
v2-8-3dev_10
v2-8-3dev_11
v2-8-3dev_12
v2-8-3dev_13
v2-8-3dev_14
v2-8-3dev_15
v2-8-3dev_16
v2-8-3dev_17
v2-8-3dev_18
v2-8-3dev_19
v2-8-3dev_2
v2-8-3dev_20
v2-8-3dev_21
v2-8-3dev_22
v2-8-3dev_23
v2-8-3dev_4
v2-8-3dev_5
v2-8-3dev_6
v2-8-3dev_7
v2-8-3dev_9
v2-8-3pre_1
v2-8-3pre_2
v2-8-3pre_3
v2-8-3pre_4
v2-8-3pre_5
v2-8-3pre_6
v2-8-3pre_7
v2-8-3pre_8
v2-8-3rel_1
v2-8-4dev_1
v2-8-4dev_10
v2-8-4dev_11
v2-8-4dev_12
v2-8-4dev_13
v2-8-4dev_14
v2-8-4dev_15
v2-8-4dev_16
v2-8-4dev_17
v2-8-4dev_18
v2-8-4dev_19
v2-8-4dev_2
v2-8-4dev_20
v2-8-4dev_21
v2-8-4dev_3
v2-8-4dev_4
v2-8-4dev_5
v2-8-4dev_6
v2-8-4dev_7
v2-8-4dev_8
v2-8-4dev_9
v2-8-4pre_1
v2-8-4pre_2
v2-8-4pre_3
v2-8-4pre_4
v2-8-4pre_5
v2-8-4rel_1
v2-8-5dev_1
v2-8-5dev_11
v2-8-5dev_12
v2-8-5dev_13
v2-8-5dev_14
v2-8-5dev_15
v2-8-5dev_16
v2-8-5dev_17
v2-8-5dev_2
v2-8-5dev_3
v2-8-5dev_4
v2-8-5dev_5
v2-8-5dev_6
v2-8-5dev_7
v2-8-5dev_8
v2-8-5dev_9
v2-8-5pre_1
v2-8-5pre_2
v2-8-5pre_3
v2-8-5pre_4
v2-8-5pre_5
v2-8-5rel_1
v2-8-6dev_1
v2-8-6dev_10
v2-8-6dev_11
v2-8-6dev_12
v2-8-6dev_13
v2-8-6dev_14
v2-8-6dev_15
v2-8-6dev_16
v2-8-6dev_17
v2-8-6dev_18
v2-8-6dev_19
v2-8-6dev_2
v2-8-6dev_3
v2-8-6dev_4
v2-8-6dev_5
v2-8-6dev_6
v2-8-6dev_7
v2-8-6dev_8
v2-8-6dev_9
v2-8-6pre_2
v2-8-6pre_3
v2-8-6pre_4
v2-8-6pre_5
v2-8-6pre_6
v2-8-6rel_1
v2-8-6rel_2
v2-8-7dev_1
v2-8-7dev_10
v2-8-7dev_10b
v2-8-7dev_10c
v2-8-7dev_10d
v2-8-7dev_10e
v2-8-7dev_11
v2-8-7dev_11a
v2-8-7dev_11b
v2-8-7dev_11c
v2-8-7dev_11d
v2-8-7dev_12
v2-8-7dev_12a
v2-8-7dev_12b
v2-8-7dev_12c
v2-8-7dev_12d
v2-8-7dev_12e
v2-8-7dev_12f
v2-8-7dev_12g
v2-8-7dev_13
v2-8-7dev_13b
v2-8-7dev_13c
v2-8-7dev_13d
v2-8-7dev_15f
v2-8-7dev_2
v2-8-7dev_3
v2-8-7dev_4
v2-8-7dev_4a
v2-8-7dev_4b
v2-8-7dev_4c
v2-8-7dev_4d
v2-8-7dev_4e
v2-8-7dev_4f
v2-8-7dev_5
v2-8-7dev_5a
v2-8-7dev_5b
v2-8-7dev_5c
v2-8-7dev_5d
v2-8-7dev_5e
v2-8-7dev_5f
v2-8-7dev_6
v2-8-7dev_7
v2-8-7dev_7a
v2-8-7dev_7b
v2-8-7dev_7c
v2-8-7dev_7d
v2-8-7dev_7e
v2-8-7dev_8
v2-8-7dev_8a
v2-8-7dev_8b
v2-8-7dev_8c
v2-8-7dev_9
v2-8-7dev_9a
v2-8-7dev_9b
v2-8-7dev_9c
v2-8-7dev_9d
v2-8-7dev_9e
v2-8-7dev_9f
v2-8-7dev_9g
v2-8-7dev_9h
v2-8-7dev_9i
v2-8-7dev_9j
v2-8-7dev_9k
v2-8-7dev_9m
v2-8-7dev_9n
v2-8-7dev_c-pbm
v2-8-7pre_1
v2-8-7pre_1a
v2-8-7pre_1b
v2-8-7pre_2
v2-8-7pre_2a
v2-8-7pre_2b
v2-8-7pre_2c
v2-8-7pre_2d
v2-8-7pre_3
v2-8-7pre_3a
v2-8-7pre_4
v2-8-7pre_4a
v2-8-7pre_4b
v2-8-7pre_5
v2-8-7pre_5b
v2-8-7pre_5c
v2-8-7pre_6
v2-8-7pre_6b
v2-8-7rel_1
v2-8-8deb_11b
v2-8-8dev-15b
v2-8-8dev-15c
v2-8-8dev-15j
v2-8-8dev_0a
v2-8-8dev_0b
v2-8-8dev_1
v2-8-8dev_10
v2-8-8dev_10a
v2-8-8dev_10b
v2-8-8dev_11
v2-8-8dev_11a
v2-8-8dev_12
v2-8-8dev_12a
v2-8-8dev_12b
v2-8-8dev_12c
v2-8-8dev_12d
v2-8-8dev_12e
v2-8-8dev_12f
v2-8-8dev_12g
v2-8-8dev_12h
v2-8-8dev_12i
v2-8-8dev_12j
v2-8-8dev_12k
v2-8-8dev_12l
v2-8-8dev_12m
v2-8-8dev_13
v2-8-8dev_14
v2-8-8dev_14a
v2-8-8dev_14b
v2-8-8dev_14c
v2-8-8dev_14d
v2-8-8dev_14e
v2-8-8dev_14f
v2-8-8dev_14g
v2-8-8dev_14h
v2-8-8dev_14i
v2-8-8dev_14j
v2-8-8dev_15
v2-8-8dev_15d
v2-8-8dev_15e
v2-8-8dev_15g
v2-8-8dev_15h
v2-8-8dev_15i
v2-8-8dev_16
v2-8-8dev_16a
v2-8-8dev_16b
v2-8-8dev_16c
v2-8-8dev_16d
v2-8-8dev_16e
v2-8-8dev_16f
v2-8-8dev_16g
v2-8-8dev_16h
v2-8-8dev_16i
v2-8-8dev_16j
v2-8-8dev_16k
v2-8-8dev_16l
v2-8-8dev_16m
v2-8-8dev_16n
v2-8-8dev_16o
v2-8-8dev_16p
v2-8-8dev_16q
v2-8-8dev_16r
v2-8-8dev_16s
v2-8-8dev_16t
v2-8-8dev_16u
v2-8-8dev_16v
v2-8-8dev_16w
v2-8-8dev_16x
v2-8-8dev_17
v2-8-8dev_1a
v2-8-8dev_1c
v2-8-8dev_1d
v2-8-8dev_2
v2-8-8dev_2a
v2-8-8dev_2b
v2-8-8dev_2c
v2-8-8dev_2d
v2-8-8dev_2e
v2-8-8dev_2f
v2-8-8dev_2g
v2-8-8dev_2h
v2-8-8dev_2i
v2-8-8dev_3
v2-8-8dev_3a
v2-8-8dev_3b
v2-8-8dev_3c
v2-8-8dev_3d
v2-8-8dev_3e
v2-8-8dev_3f
v2-8-8dev_3g
v2-8-8dev_3h
v2-8-8dev_3i
v2-8-8dev_4
v2-8-8dev_4a
v2-8-8dev_4b
v2-8-8dev_5
v2-8-8dev_5a
v2-8-8dev_5b
v2-8-8dev_5c
v2-8-8dev_5d
v2-8-8dev_5e
v2-8-8dev_5f
v2-8-8dev_5g
v2-8-8dev_6
v2-8-8dev_6a
v2-8-8dev_6b
v2-8-8dev_6c
v2-8-8dev_6d
v2-8-8dev_6e
v2-8-8dev_6f
v2-8-8dev_6g
v2-8-8dev_7
v2-8-8dev_7a
v2-8-8dev_8
v2-8-8dev_8a
v2-8-8dev_8b
v2-8-8dev_8c
v2-8-8dev_8d
v2-8-8dev_8e
v2-8-8dev_8f
v2-8-8dev_8g
v2-8-8dev_8h
v2-8-8dev_8i
v2-8-8dev_8j
v2-8-8dev_8k
v2-8-8dev_8l
v2-8-8dev_8m
v2-8-8dev_8n
v2-8-8dev_9
v2-8-8dev_9a
v2-8-8dev_9b
v2-8-8dev_9c
v2-8-8dev_9d
v2-8-8dev_9e
v2-8-8dev_9f
v2-8-8dev_9g
v2-8-8dev_9h
v2-8-8dev_9i
v2-8-8dev_9j
v2-8-8dev_9k
v2-8-8dev_9l
v2-8-8dev_9m
v2-8-8dev_9n
v2-8-8dev_9o
v2-8-8pre_1
v2-8-8pre_1a
v2-8-8pre_1b
v2-8-8pre_1c
v2-8-8pre_1d
v2-8-8pre_1e
v2-8-8pre_2
v2-8-8pre_2a
v2-8-8pre_2b
v2-8-8pre_3
v2-8-8pre_3a
v2-8-8pre_3b
v2-8-8pre_3c
v2-8-8pre_4
v2-8-8pre_4a
v2-8-8pre_4b
v2-8-8pre_4c
v2-8-8pre_4d
v2-8-8pre_4e
v2-8-8pre_4f
v2-8-8pre_4g
v2-8-8pre_5
v2-8-8rel_1
v2-8-8rel_1a
v2-8-8rel_1b
v2-8-8rel_1c
v2-8-8rel_1d
v2-8-8rel_2
v2-8-9dev_1
v2-8-9dev_10
v2-8-9dev_10a
v2-8-9dev_11
v2-8-9dev_11a
v2-8-9dev_11b
v2-8-9dev_11c
v2-8-9dev_11d
v2-8-9dev_11e
v2-8-9dev_11g
v2-8-9dev_11h
v2-8-9dev_11j
v2-8-9dev_11k
v2-8-9dev_11l
v2-8-9dev_11m
v2-8-9dev_11n
v2-8-9dev_11o
v2-8-9dev_11p
v2-8-9dev_11q
v2-8-9dev_11r
v2-8-9dev_12
v2-8-9dev_12a
v2-8-9dev_13
v2-8-9dev_13a
v2-8-9dev_13b
v2-8-9dev_13c
v2-8-9dev_14
v2-8-9dev_14a
v2-8-9dev_14b
v2-8-9dev_14c
v2-8-9dev_14d
v2-8-9dev_14e
v2-8-9dev_14f
v2-8-9dev_15
v2-8-9dev_15a
v2-8-9dev_15b
v2-8-9dev_15c
v2-8-9dev_15d
v2-8-9dev_15e
v2-8-9dev_15f
v2-8-9dev_15g
v2-8-9dev_16
v2-8-9dev_1a
v2-8-9dev_1b
v2-8-9dev_1c
v2-8-9dev_1d
v2-8-9dev_1e
v2-8-9dev_1f
v2-8-9dev_1g
v2-8-9dev_1h
v2-8-9dev_1i
v2-8-9dev_2
v2-8-9dev_2a
v2-8-9dev_2b
v2-8-9dev_2c
v2-8-9dev_3a
v2-8-9dev_4
v2-8-9dev_4a
v2-8-9dev_4b
v2-8-9dev_5
v2-8-9dev_5a
v2-8-9dev_5b
v2-8-9dev_5c
v2-8-9dev_5d
v2-8-9dev_5e
v2-8-9dev_5f
v2-8-9dev_5g
v2-8-9dev_6
v2-8-9dev_6a
v2-8-9dev_6b
v2-8-9dev_6c
v2-8-9dev_6d
v2-8-9dev_6e
v2-8-9dev_6f
v2-8-9dev_6g
v2-8-9dev_6h
v2-8-9dev_6i
v2-8-9dev_6j
v2-8-9dev_6k
v2-8-9dev_6l
v2-8-9dev_6m
v2-8-9dev_6n
v2-8-9dev_6o
v2-8-9dev_6p
v2-8-9dev_6q
v2-8-9dev_6r
v2-8-9dev_6s
v2-8-9dev_7
v2-8-9dev_7a
v2-8-9dev_8
v2-8-9dev_8a
v2-8-9dev_8b
v2-8-9dev_8c
v2-8-9dev_8d
v2-8-9dev_9
v2-8-9dev_9a
v2-8-9dev_9b
v2-8-9dev_9c
v2-8-9dev_9d
v2-8-9dev_9e
v2-8-9dev_9f
v2-8-9dev_9g
v2-8-9dev_9h
v2-8-9dev_9i
v2-8-9dev_9j
v2-8-9dev_9k
v2-8pre_2
v2-8pre_3
v2-8pre_4
v2-8pre_5
v2-8rel_1
v2_6
v2_6_961130
v2_6fm_970129
v2_6fm_970206
v2_6fm_970209
v2_7
v2_8_8dev_6c
v2_8_8dev_6d
v2_8_8dev_8a
v2_8_8dev_8b
v2_8_8dev_9a
v2_8_8dev_9b
v2_8_8dev_9c

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000211.json"
vanir_signatures 
[
    {
        "digest": {
            "line_hashes": [
                "276839244041874253570716174498195113638",
                "307313134925977423242669220638044571015",
                "138471024090996347877172975038942003109",
                "38578827775557295977188478865522106010",
                "110202609554451055184914786519942653828",
                "23538530354550592995262881671355683419",
                "79430180806067039076195305377639297800",
                "55074426441029647376758328889087463288",
                "3329120400151045882173454259733388426",
                "120739159841392223983970639681273638075",
                "122459131643402643921618828426843906689",
                "299006699557291525540079984182083068289",
                "64185396801546596709603834300295942789",
                "243963935790960629377563581495005918140",
                "117537319363288467654856474891996104371",
                "297470778873332004540178574241275155980",
                "278090903608714666961036483297682549639",
                "101342505753597164020756215211144041648",
                "89767970756697346388065157250709990627",
                "126299550969772521555373646403212372434",
                "214223916378735274028816894264026879274",
                "77759529769371009645296606445069848711",
                "7185927236794311802030527710850114899",
                "276016807517611968322827676265961971776",
                "74350536191421510730911868521372287158",
                "47852397670890322263799896502415851986",
                "112841107492005538712845046354219144262",
                "102514329368412264853660561048453178848",
                "208647209538448564612630161310793050153",
                "108587633537507210242609878158511307392",
                "317713673196000103948125696324209305928",
                "65623567037517039063726813147792559939",
                "68590562356389739011233555522011571148"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/HTML.c"
        },
        "id": "CVE-2017-1000211-0e44be72",
        "source": "https://github.com/thomasdickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9",
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "27363568686723496792149262710242149081",
            "length": 2457.0
        },
        "target": {
            "file": "src/HTML.c",
            "function": "HTML_put_string"
        },
        "id": "CVE-2017-1000211-a1743f3b",
        "source": "https://github.com/thomasdickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9",
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false
    }
]
vanir_signatures_modified 
"2026-04-11T03:56:45Z"