{"id":"CVE-2021-38165","details":"Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.","modified":"2026-04-16T04:39:35.196819712Z","published":"2021-08-07T18:15:06.997Z","related":["ALSA-2022:2129"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K6PZF7JNTFCOJ62HXZG4Q2NEHSZ6IO2V/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKNK7GQBJBUBMJVNKVC7RTCYWUYMFJQW/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/08/07/9"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4953"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2021/08/07/1"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/08/07/11"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/08/07/12"},{"type":"ADVISORY","url":"https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118"},{"type":"ADVISORY","url":"https://lynx.invisible-island.net/current/CHANGES.html"},{"type":"REPORT","url":"https://bugs.debian.org/991971"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2021/08/07/11"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38165.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.8.9"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.9"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}