VDB
CVE-2010-2810
CVE-2010-2810
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
EPSS 2.38% · 85.3th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
2.38%
85.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| lynx | lynx | 2.8.8, 2.8.8, 2.8.8 |
| n/a | n/a | n/a |
Timeline
- Aug 20, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Apr 10, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- lynx-converttoidna-bo(61007) vdb
- [oss-security] 20100809 Re: CVE request: Lynx mailing-list
- ADV-2010-2042 vdb
- USN-1642-1 vendor-advisory
- [oss-security] 20100809 CVE request: Lynx mailing-list
- https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254 url
- https://nvd.nist.gov/vuln/detail/CVE-2010-2810 advisory