Bug 158162 - Lynx Malformed HTML Infinite Loop Denial of Service
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: lynx
Version: 3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tim Waugh
QA Contact: Brian Brock
URL: http://www.securityfocus.com/archive/...
Whiteboard:
Depends On:
Blocks:
Reported: 2005-05-19 10:16 UTC by Tim Waugh
Modified: 2007-11-30 22:11 UTC
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-19 11:48:04 UTC



Description Tim Waugh 2005-05-19 10:16:47 UTC
+++ This bug was initially created as a clone of Bug #152832 +++

04.42.20 CVE: Not Available
Platform: Cross Platform
Title: Lynx Malformed HTML Infinite Loop Denial of Service
Description: The Lynx web browser is vulnerable to a denial of service
condition while handling certain malformed HTML pages. This issue
sends the software into an infinite loop, consuming CPU resources for
the system.
Ref: http://www.securityfocus.com/archive/1/378632



------- Additional Comments From jpdalbec@ysu.edu 2004-12-08 10:23:17 ----

backtrace:
#0  0x4207a7eb in chunk_alloc () from /lib/i686/libc.so.6
#1  0x4207a158 in malloc () from /lib/i686/libc.so.6
#2  0x08057c22 in mem_is_avail ()
#3  0x08057c6d in LY_check_calloc ()
#4  0x0805a208 in split_line ()
#5  0x0805c46d in HText_appendCharacter ()
#6  0x0809d9a5 in HTML_put_character ()
#7  0x080ac491 in HTML_end_element ()
#8  0x080e1ade in SGML_free ()
#9  0x080f30ce in HTMIME_free ()
#10 0x080d3906 in HTLoadHTTP ()
#11 0x080cfcf3 in HTLoad ()
#12 0x080d00f6 in HTLoadDocument ()
#13 0x080d0626 in HTLoadAbsolute ()
#14 0x0806ae79 in getfile ()
#15 0x08078bbe in mainloop ()
#16 0x0806da93 in main ()
#17 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6




------- Additional Comments From pekkas@netcore.fi 2005-02-15 06:56:02 ----

FWIW, Red Hat has not released updates to this.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:29 -------

This bug previously known as bug 2215 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2215
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P3. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity minor. Setting to default severity "normal".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Tim Waugh 2005-05-19 11:48:04 UTC
Can't reproduce it.

