CVE-2021-38165 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Affected Products (NVD)

Vendor	Product	Version
lynx_project	lynx	𝑥 ≤ 2.8.9
debian	debian_linux	9.0
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

lynx

bookworm	2.9.0dev.12-1 fixed
bullseye	2.9.0dev.6-3~deb11u1 fixed
bullseye (security)	2.9.0dev.6-3~deb11u1 fixed
sid	2.9.2-1 fixed
trixie	2.9.2-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

lynx

bionic	Fixed 2.8.9dev16-3ubuntu0.1~esm1 released
focal	Fixed 2.9.0dev.5-1ubuntu0.1~esm1 released
hirsute	ignored
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	Fixed 2.8.9dev8-4ubuntu1+esm2 released

Common Weakness Enumeration

CWE-522 - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

http://www.openwall.com/lists/oss-security/2021/08/07/11

http://www.openwall.com/lists/oss-security/2021/08/07/12

http://www.openwall.com/lists/oss-security/2021/08/07/9

https://bugs.debian.org/991971

https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118

https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K6PZF7JNTFCOJ62HXZG4Q2NEHSZ6IO2V/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKNK7GQBJBUBMJVNKVC7RTCYWUYMFJQW/

https://lynx.invisible-island.net/current/CHANGES.html

https://www.debian.org/security/2021/dsa-4953

https://www.openwall.com/lists/oss-security/2021/08/07/1

https://www.openwall.com/lists/oss-security/2021/08/07/11

http://www.openwall.com/lists/oss-security/2021/08/07/11

http://www.openwall.com/lists/oss-security/2021/08/07/12

http://www.openwall.com/lists/oss-security/2021/08/07/9

https://bugs.debian.org/991971

https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118

https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K6PZF7JNTFCOJ62HXZG4Q2NEHSZ6IO2V/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKNK7GQBJBUBMJVNKVC7RTCYWUYMFJQW/

https://lynx.invisible-island.net/current/CHANGES.html

https://www.debian.org/security/2021/dsa-4953

https://www.openwall.com/lists/oss-security/2021/08/07/1

https://www.openwall.com/lists/oss-security/2021/08/07/11