Lucene search
K

4 matches found

OSV
OSV
added 2026/05/22 4:16 p.m.10 views

UBUNTU-CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/22 3:1 p.m.9 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:1 p.m.10 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

10CVSS5.8AI score0.00478EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2019/11/14 12:0 a.m.30 views

libidn2 -- roundtrip check vulnerability

CVE list: GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except fo...

7.5CVSS2.6AI score0.0279EPSS
Exploits0References2
Rows per page
Query Builder