CVE-2017-1000211

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000211
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000211.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000211
Downstream
Related
Published
2017-11-17T15:29:00.310Z
Modified
2025-11-19T17:35:04.861286Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring() can append a chunk onto itself.

References

Affected packages

Git / github.com/thomasdickey/lynx-snapshots

Affected ranges

Type
GIT
Repo
https://github.com/thomasdickey/lynx-snapshots
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
280a61b300a1614f6037efc0902ff7ecf17146e9

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "src/HTML.c"
        },
        "digest": {
            "line_hashes": [
                "276839244041874253570716174498195113638",
                "307313134925977423242669220638044571015",
                "138471024090996347877172975038942003109",
                "38578827775557295977188478865522106010",
                "110202609554451055184914786519942653828",
                "23538530354550592995262881671355683419",
                "79430180806067039076195305377639297800",
                "55074426441029647376758328889087463288",
                "3329120400151045882173454259733388426",
                "120739159841392223983970639681273638075",
                "122459131643402643921618828426843906689",
                "299006699557291525540079984182083068289",
                "64185396801546596709603834300295942789",
                "243963935790960629377563581495005918140",
                "117537319363288467654856474891996104371",
                "297470778873332004540178574241275155980",
                "278090903608714666961036483297682549639",
                "101342505753597164020756215211144041648",
                "89767970756697346388065157250709990627",
                "126299550969772521555373646403212372434",
                "214223916378735274028816894264026879274",
                "77759529769371009645296606445069848711",
                "7185927236794311802030527710850114899",
                "276016807517611968322827676265961971776",
                "74350536191421510730911868521372287158",
                "47852397670890322263799896502415851986",
                "112841107492005538712845046354219144262",
                "102514329368412264853660561048453178848",
                "208647209538448564612630161310793050153",
                "108587633537507210242609878158511307392",
                "317713673196000103948125696324209305928",
                "65623567037517039063726813147792559939",
                "68590562356389739011233555522011571148"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/thomasdickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9",
        "deprecated": false,
        "id": "CVE-2017-1000211-0e44be72",
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "HTML_put_string",
            "file": "src/HTML.c"
        },
        "digest": {
            "length": 2457.0,
            "function_hash": "27363568686723496792149262710242149081"
        },
        "signature_version": "v1",
        "source": "https://github.com/thomasdickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9",
        "deprecated": false,
        "id": "CVE-2017-1000211-a1743f3b",
        "signature_type": "Function"
    }
]