232 matches found
USN-3434-1: Libidn vulnerability
It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code...
Debian DLA-1084-1 : libidn security update
It was discovered that there was an integer overflow vulnerability in libidn's Punycode handling an encoding used to convert Unicode characters to ASCII which would have allowed remote attackers to cause a denial of service. For Debian 7 'Wheezy', this issue has been fixed in libidn version...
DLA-1084-1 libidn - security update
Bulletin has no description...
BSA-2017-210
Security Advisory ID : BSA-2017-210 Component : libidn Revision : 2.0: Final idnin GNUlibidnbefore 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read...
BSA-2017-213
Security Advisory ID : BSA-2017-213 Component : libidn Revision : 2.0: Final idninlibidnbefore 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948...
BSA-2017-212
Security Advisory ID : BSA-2017-212 Component : libidn Revision : 2.0: Final The stringpreputf8nfkcnormalize function in lib/nfkc.cinlibidnbefore 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via crafted UTF-8 data...
BSA-2017-211
Security Advisory ID : BSA-2017-211 Component : libidn Revision : 1.0: Interim The idnatoascii4i function in lib/idna.cinlibidnbefore 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via 64 bytes of input. Affected Products Product| Current...
Information Leakage
libidn is susceptible to leaking sensitive information. The vulnerability is due to the use of fgets with fixed-size buffer, leading to out-of-bounds read and allowing the attackers to get sensitive memory information...
Denial Of Service (DoS)
libidn is vulnerable to denial of service DoS attacks. The vulnerability exists because it does not properly handle if a user inputs invalid UTF-8 data...
Memory Information Disclosure
libidn is susceptible to sensitive memory information leak. The leakage is possible when an attacker reads an input of zero byte...
Denial Of Service (DoS)
libidn is vulnerable to denial of service DoS attacks. The vulnerability exists because idnatoascii4i function in lib/idna.c does not properly handle 64 bytes of input, leading to out-of-bounds read and crash...
Fedora Update for mingw-libidn FEDORA-2016-f99c0a8b69
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 25 : mingw-libidn (2016-f99c0a8b69)
Update to 1.33 1374902,1359147,1359148 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...
USN-3068-1 Libidn vulnerabilities | Cloud Foundry
USN-3068-1 Libidn vulnerabilities Medium Vendor Canonical Ubuntu, libidn Versions Affected Canonical Ubuntu 14.04 LTS Description Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker cou...
CURL-CVE-2016-8625 IDNA 2003 makes curl use wrong host
When curl is built with libidn to handle International Domain Names IDNA, it translates them to puny code for DNS resolving using the IDNA 2003 standard, while IDNA 2008 is the modern and up-to-date IDNA standard. This misalignment causes problems with for example domains using the German ß...
IDNA 2003 makes curl use wrong host
When curl is built with libidn to handle International Domain Names IDNA, it translates them to puny code for DNS resolving using the IDNA 2003 standard, while IDNA 2008 is the modern and up-to-date IDNA standard. This misalignment causes problems with for example domains using the German ß...
[SECURITY] Fedora 25 Update: mingw-libidn-1.33-1.fc25
GNU Libidn is an implementation of the Stringprep, Punycode and IDNA specifications defined by the IETF Internationalized Domain Names IDN working group, used for internationalized domain names...
SUSE SLES11 Security Update : libidn (SUSE-SU-2016:2291-1)
This update for libidn fixes the following issues : - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input bsc990189 - CVE-2016-6261: Out-of-bounds stack read in idnatoascii4i bsc990190 - CVE-2016-6263: stringpreputf8nfkcnormalize reject invalid UTF-8 bsc990191 ...
SUSE-SU-2016:2291-1 Security update for libidn
This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input bsc990189 - CVE-2016-6261: Out-of-bounds stack read in idnatoascii4i bsc990190 - CVE-2016-6263: stringpreputf8nfkcnormalize reject invalid UTF-8 bsc990191 -...
openSUSE Security Update : wget (openSUSE-2016-1067)
This update for wget fixes the following issues : - Fix for HTTP to a FTP redirection file name confusion vulnerability bsc984060, CVE-2016-4971. - Work around a libidn vulnerability bsc937096, CVE-2015-2059. - Fix for wget fails with basicauth: Failed writing HTTP request: Bad file descriptor...