CVE-2010-2810

Name of the Vulnerable Software and Affected Versions Lynx versions 2.8.8dev.1 through 2.8.8dev.4

Description The issue is related to a heap-based buffer overflow in the convert to idna function, which can be triggered by a malformed URL containing a % (percent) character in the domain name. This can cause a denial of service, resulting in an application crash, or potentially allow the execution of arbitrary code.

Recommendations For versions 2.8.8dev.1 through 2.8.8dev.4, consider avoiding the use of URLs with % characters in the domain name until a fix is available. As a temporary workaround, restrict access to potentially malicious URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.