| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Nov 2016 08:07:22 -0400
From: Thomas Dickey <dickey@....com>
To: redrain root <rootredrain@...il.com>
Cc: oss-security@...ts.openwall.com, cve-assign@...re.org, dickey@....com,
fulldisclosure@...lists.org
Subject: Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with
'?'
On Thu, Nov 03, 2016 at 05:58:14PM +0800, redrain root wrote:
> I can't find any bugtracker in lynx ,so i will disclose by this mail and
> sent to the author dickey@...isible-island.net.
>
> redrain (rootredrain@...il.com)
> Date:2016-11-03
> Version: 2.8.8pre.4、2.8.9dev.8 and earlier
> Platform: Linux and Windows
> Vendor: http://lynx.browser.org/
> Vendor Notified: 2016-11-03
>
>
> VULNERABILITY
> -------------------------
>
> Lynx doesn't parse the authority component of the URL correctly when the
> host
> name part ends with '?', and could instead be tricked into
Actually, it does parse correctly. Go read RFC 1738.
What can be improved here is adding some warnings about a few of the cases
where users can be confused by legal URL syntax. I'm working on that.
--
Thomas E. Dickey <dickey@...isible-island.net>
http://invisible-island.net
ftp://invisible-island.net
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists