symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form

Description symfony/polyfill-intl-idn provides a userland implementation of idntoutf8 and idntoascii for runtimes that lack the intl extension. Its Idn::process method decodes labels prefixed with xn-- using Punycode but never enforces the validity criterion added in UTS 46 revision 33 Section 4...

EUVD-2017-16739

Malware in sbrugna...

RHEL 8 : developer_environment (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack CVE-2021-42694 - An issue wa...

[SECURITY] Fedora 40 Update: icu4j-74.2-4.fc40

The International Components for Unicode ICU library provides robust and full-featured Unicode services on a wide variety of platforms. ICU supports the most current version of the Unicode standard, and provides support for supplementary characters needed for GB 18030 repertoire support. Java...

Rocky Linux 8 : gcc (RLSA-2021:4587)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4587 advisory. - DISPUTED An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via...

Rocky Linux 8 : binutils (RLSA-2021:4595)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4595 advisory. - DISPUTED An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via...

MGASA-2021-0517 Updated rust packages fix security vulnerability

Updated rust packages fix security vulnerability This update mitigates a security concern in the Unicode standard, affecting source code containing "bidirectional override" Unicode codepoints: in some cases the use of those codepoints could lead to the reviewed code being different than the...

Updated rust packages fix security vulnerability

Updated rust packages fix security vulnerability This update mitigates a security concern in the Unicode standard, affecting source code containing "bidirectional override" Unicode codepoints: in some cases the use of those codepoints could lead to the reviewed code being different than the...

CVE-2021-42694

An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to...

CVE-2017-7764

Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows...