oss-sec mailing list archives

Re: CVE request:Lynx invalid URL parsing with '?'

From: <cve-assign () mitre org>
Date: Fri, 4 Nov 2016 03:03:42 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

lynx  "http://google.com?@hackdog.me/";
wrongly make lynx send a request to hackdog.me


Use CVE-2016-9179.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYHDILAAoJEHb/MwWLVhi2dR0P/2Zr1VU0tQcBP4Tu543JzPV6
CiHZdspG7fRKuCOaH8QHFHXFWksirFSumHfSPSLt8QjQ9IQJc9iCqan/0Zg4A/5C
yNSnpqdHMfGMK/z+oiuFBNbqEu3ik1DS63a3KR/H9O1qqfyDAx3BeAbXIV3GLNi1
JqspcJy6XB/O0s2N5K8FfjG2/mwhAX+tESncJB7qssqR4x6DXfADXCeYmGcaE3Y2
iucJGwM8mtJRWLibqIbg8zbtVImCkRMD5XC00ZbVY/i8+4DwE972Z1solumACD0i
bI4y1T+5I8MEndCJiZ2viHqD/BItfjaPS6swEnV713WE1/5xTT1b/ser/lSZ0OwE
/0lB04X1OmlU/cO2c+zzarkYlJYAzIZz6PedMy0oSO5CkZ3RsyqkTTxj9EueE12F
Fcwoe01zZGNUmbz+C+2ObAn+nP7uFowG59ojfbOBE0oTpFBXiR9EypvkshehwU9S
M0vgX+PZ8CTH8+Cy83f9A3JPdIDkdJYg59QOWZ5FslI0PdgTPxyKNfxobesf/nFV
VmTMa6ht8uxfYZ/9w9BnwwJOC0641SvxpMBa2fRaUFiY8Iham+UOa6IljtVd5y2F
hL7C2lVNracS2pCUSvL8JobCjaA5HPgKni/jf1chHjkRtMouWu0jDi8hdZQwI6W4
tyL6v/kL4pVDf4OSBXw9
=21bX
-----END PGP SIGNATURE-----

Current thread:

CVE request:Lynx invalid URL parsing with '?' redrain root (Nov 03)
- Re: CVE request:Lynx invalid URL parsing with '?' Leo Famulari (Nov 03)
- Re: CVE request:Lynx invalid URL parsing with '?' cve-assign (Nov 04)
- Re: CVE request:Lynx invalid URL parsing with '?' Thomas Dickey (Nov 04)
- Message not available
  - Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?' Michal Zalewski (Nov 05)