Lucene search
K

232 matches found

Ubuntu
Ubuntu
added 2017/10/02 5:1 p.m.52 views

USN-3434-1: Libidn vulnerability

It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.5AI score0.03965EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/09/05 12:0 a.m.29 views

Debian DLA-1084-1 : libidn security update

It was discovered that there was an integer overflow vulnerability in libidn's Punycode handling an encoding used to convert Unicode characters to ASCII which would have allowed remote attackers to cause a denial of service. For Debian 7 'Wheezy', this issue has been fixed in libidn version...

9.8CVSS7AI score0.03965EPSS
Exploits0References3
OSV
OSV
added 2017/09/02 12:0 a.m.23 views

DLA-1084-1 libidn - security update

Bulletin has no description...

9.8CVSS9.5AI score0.03965EPSS
Exploits0
Broadcom
Broadcom
added 2017/03/31 12:0 a.m.9 views

BSA-2017-210

Security Advisory ID : BSA-2017-210 Component : libidn Revision : 2.0: Final idnin GNUlibidnbefore 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read...

7.5CVSS6.7AI score0.06721EPSS
Exploits0
Broadcom
Broadcom
added 2017/03/31 12:0 a.m.9 views

BSA-2017-213

Security Advisory ID : BSA-2017-213 Component : libidn Revision : 2.0: Final idninlibidnbefore 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948...

7.5CVSS6.8AI score0.06721EPSS
Exploits0
Broadcom
Broadcom
added 2017/03/31 12:0 a.m.7 views

BSA-2017-212

Security Advisory ID : BSA-2017-212 Component : libidn Revision : 2.0: Final The stringpreputf8nfkcnormalize function in lib/nfkc.cinlibidnbefore 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via crafted UTF-8 data...

7.5CVSS6.7AI score0.0391EPSS
Exploits0
Broadcom
Broadcom
added 2017/03/31 12:0 a.m.19 views

BSA-2017-211

Security Advisory ID : BSA-2017-211 Component : libidn Revision : 1.0: Interim The idnatoascii4i function in lib/idna.cinlibidnbefore 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via 64 bytes of input. Affected Products Product| Current...

7.5CVSS6.7AI score0.0391EPSS
Exploits0
Veracode
Veracode
added 2017/02/02 9:3 a.m.26 views

Information Leakage

libidn is susceptible to leaking sensitive information. The vulnerability is due to the use of fgets with fixed-size buffer, leading to out-of-bounds read and allowing the attackers to get sensitive memory information...

7.5CVSS7.3AI score0.06721EPSS
Exploits0References12Affected Software2
Veracode
Veracode
added 2017/01/31 2:23 a.m.29 views

Denial Of Service (DoS)

libidn is vulnerable to denial of service DoS attacks. The vulnerability exists because it does not properly handle if a user inputs invalid UTF-8 data...

7.5CVSS7.1AI score0.0391EPSS
Exploits0References14Affected Software1
Veracode
Veracode
added 2017/01/31 2:10 a.m.14 views

Memory Information Disclosure

libidn is susceptible to sensitive memory information leak. The leakage is possible when an attacker reads an input of zero byte...

7.5CVSS7.3AI score0.06513EPSS
Exploits0References11Affected Software1
Veracode
Veracode
added 2017/01/31 1:43 a.m.19 views

Denial Of Service (DoS)

libidn is vulnerable to denial of service DoS attacks. The vulnerability exists because idnatoascii4i function in lib/idna.c does not properly handle 64 bytes of input, leading to out-of-bounds read and crash...

7.5CVSS7.1AI score0.0391EPSS
Exploits0References13Affected Software1
OpenVAS
OpenVAS
added 2016/12/07 12:0 a.m.23 views

Fedora Update for mingw-libidn FEDORA-2016-f99c0a8b69

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.06721EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/11/15 12:0 a.m.28 views

Fedora 25 : mingw-libidn (2016-f99c0a8b69)

Update to 1.33 1374902,1359147,1359148 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

7.5CVSS7.4AI score0.06721EPSS
Exploits0References5
Cloud Foundry
Cloud Foundry
added 2016/11/08 12:0 a.m.47 views

USN-3068-1 Libidn vulnerabilities | Cloud Foundry

USN-3068-1 Libidn vulnerabilities Medium Vendor Canonical Ubuntu, libidn Versions Affected Canonical Ubuntu 14.04 LTS Description Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker cou...

7.5CVSS7.2AI score0.06721EPSS
Exploits0
OSV
OSV
added 2016/11/02 8:0 a.m.9 views

CURL-CVE-2016-8625 IDNA 2003 makes curl use wrong host

When curl is built with libidn to handle International Domain Names IDNA, it translates them to puny code for DNS resolving using the IDNA 2003 standard, while IDNA 2008 is the modern and up-to-date IDNA standard. This misalignment causes problems with for example domains using the German ß...

7.5CVSS7.5AI score0.04321EPSS
Exploits0
curl security advisories
curl security advisories
added 2016/11/02 8:0 a.m.11 views

IDNA 2003 makes curl use wrong host

When curl is built with libidn to handle International Domain Names IDNA, it translates them to puny code for DNS resolving using the IDNA 2003 standard, while IDNA 2008 is the modern and up-to-date IDNA standard. This misalignment causes problems with for example domains using the German ß...

7.5CVSS7.2AI score0.04321EPSS
Exploits0Affected Software2
Fedora
Fedora
added 2016/10/10 6:19 p.m.35 views

[SECURITY] Fedora 25 Update: mingw-libidn-1.33-1.fc25

GNU Libidn is an implementation of the Stringprep, Punycode and IDNA specifications defined by the IETF Internationalized Domain Names IDN working group, used for internationalized domain names...

7.5CVSS2AI score0.06721EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/09/13 12:0 a.m.28 views

SUSE SLES11 Security Update : libidn (SUSE-SU-2016:2291-1)

This update for libidn fixes the following issues : - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input bsc990189 - CVE-2016-6261: Out-of-bounds stack read in idnatoascii4i bsc990190 - CVE-2016-6263: stringpreputf8nfkcnormalize reject invalid UTF-8 bsc990191 ...

7.5CVSS7.1AI score0.06721EPSS
Exploits0References15
OSV
OSV
added 2016/09/12 10:3 a.m.9 views

SUSE-SU-2016:2291-1 Security update for libidn

This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input bsc990189 - CVE-2016-6261: Out-of-bounds stack read in idnatoascii4i bsc990190 - CVE-2016-6263: stringpreputf8nfkcnormalize reject invalid UTF-8 bsc990191 -...

7.5CVSS7.6AI score0.06721EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2016/09/12 12:0 a.m.34 views

openSUSE Security Update : wget (openSUSE-2016-1067)

This update for wget fixes the following issues : - Fix for HTTP to a FTP redirection file name confusion vulnerability bsc984060, CVE-2016-4971. - Work around a libidn vulnerability bsc937096, CVE-2015-2059. - Fix for wget fails with basicauth: Failed writing HTTP request: Bad file descriptor...

8.8CVSS6.8AI score0.45935EPSS
Exploits8References5
Rows per page
Query Builder