Patch lynx against CVE-2021-38165
|Reported by:||Douglas R. Reno||Owned by:||Douglas R. Reno|
As mentioned in blfs-dev:
About Lynx: There is already a patch for CVE-2021-38165, and it is not mentioned in the BLFS manual.Description of CVE-2021-38165: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Rated as 5.3 Medium by NVD.