National Vulnerability Database

CVE-2005-3120 Detail


Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

Source: MITRE
Last Modified: 10/17/2005

Quick Info

CVE Dictionary Entry:
Original release date:
Last revised:


CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore:
Exploitability Subscore:
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Provides user account access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements

Official Statement from Red Hat (03/14/2007)

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

Resource Type | Source | Name
External Source | SCO | SCOSA-2006.7
External Source | SCO | SCOSA-2005.47
Patch; Vendor Advisory; External Source | FULLDISC | 20051017 Lynx Remote Buffer Overflow
External Source | TRUSTIX | TSLSA-2005-0059
External Source | SECTRACK | 1015065
External Source | SLACKWARE | SSA:2005-310-03
External Source | CONFIRM |
External Source | DEBIAN | DSA-874
External Source | DEBIAN | DSA-876
External Source | DEBIAN | DSA-1085
External Source | GENTOO | GLSA-200510-15
External Source | MANDRIVA | MDKSA-2005:186
External Source | SUSE | SUSE-SR:2005:025
External Source | OPENPKG | OpenPKG-SA-2005.026
Vendor Advisory; External Source | REDHAT | RHSA-2005:803
External Source | FEDORA | FLSA:152832
External Source | BUGTRAQ | 20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities
External Source | BID | 15117
External Source | UBUNTU | USN-206-1
Vendor Advisory; External Source | MISC |
External Source | OVAL | oval:org.mitre.oval:def:9257

References to Check Content

Check System:

Technical Details

Vulnerability Type

Change History: 3 change records found