Teemu Salmela

**Name of the Vulnerable Software and Affected Versions** links versions (affected versions not specified) links-ssl versions (affected versions not specified) Links web browser version 1.00pre12 Elinks version 0.9.2 **Description** The issue affects the links package in Debian GNU/Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Exploitation can occur remotely. In the case of Links web browser and Elinks with smbclient installed, remote attackers can execute arbitrary code via shell metacharacters in an smb:// URI. **Recommendations** For links and links-ssl, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Links web browser version 1.00pre12, consider avoiding the use of smb:// URIs until a patch is available. For Elinks version 0.9.2, restrict the use of smbclient to minimize the risk of exploitation.