Heap overflow when parsing malformed URLs
Binary package hint: lynx-cur
Lynx is vulnerable to a heap overflow when parsing malformed URLs. When Lynx attempts to URL decode hostnames using the convert_to_idna() function in WWW/Library/
The attached reproducer causes a crash on my 32-bit Lucid system. It's not entirely reliable due to the fact that stack layout determines whether enough characters are overflowed to trigger glibc's heap checking. I've also attached a fix for the issue, which I've tested and confirmed it resolves the vulnerability.
|visibility:||private → public|
|Changed in lynx-cur (Ubuntu):|
|status:||New → Triaged|