Lucene search
+L

7 matches found

redhat
redhat
added 4 days ago7 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
friendsofphp
friendsofphp
added 2026/05/26 8:0 a.m.21 views

CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

More info at https://symfony.com/cve-2026-46644...

6.9CVSS5.8AI score0.00394EPSS
Exploits0Affected Software1
ubuntucve
ubuntucve
added 2026/05/22 4:16 p.m.13 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References7
cve
cve
added 2026/05/22 3:1 p.m.441 views

CVE-2026-39821

CVE-2026-39821 affects golang.org/x/net/idna; ToASCII/ToUnicode incorrectly accept Punycode-encoded labels that decode to ASCII-only labels (e.g., xn--example-.com). The issue can enable privilege escalation in programs that validate ASCII hostnames but later convert to Unicode, potentially grant...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References56Affected Software1
alpinelinux
alpinelinux
added 2026/05/22 3:1 p.m.7 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.4AI score0.00478EPSS
Exploits0
hackerone
hackerone
added 2024/02/12 8:28 a.m.11 views

HackerOne: LLM03: Training Data Poisoning via ASCII decoding

Vulnerability description not provided...

7.1AI score
Exploits0
ptsecurity
ptsecurity
added 2016/11/05 12:0 a.m.23 views

PT-2026-42782

Name of the Vulnerable Software and Affected Versions idna affected versions not specified Description The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For instance, ToUnicode"xn--example-.com" returns "example.com" instead of an...

9.8CVSS5.8AI score0.00478EPSS
Exploits0
Rows per page
Query Builder