CVE-2012-5821
CVSS 5.9 · MEDIUM
Summary
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
CVSS 3.1 breakdown
| Base score | 5.9 (MEDIUM) |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Attack vector | NETWORK |
| Attack complexity | HIGH |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | HIGH |
| Availability | NONE |
Weakness type (CWE)
Affected products
- Lynx lynx
- Canonical ubuntu linux
References
- http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:101
- http://www.ubuntu.com/usn/USN-1642-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79930
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351
Data: NIST NVD. NVD last modified 2026-04-29. Always verify against the vendor advisory before acting.