USN-851-1 -- elinks vulnerabilitiesID: oval:org.secpod.oval:def:700395 | Date: (C)2011-05-13 (M)2023-12-07 |
Class: PATCH | Family: unix |
Teemu Salmela discovered that Elinks did not properly validate input when processing smb:// URLs. If a user were tricked into viewing a malicious website and had smbclient installed, a remote attacker could execute arbitrary code with the privileges of the user invoking the program. Jakub Wilk discovered a logic error in Elinks, leading to a buffer overflow. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program