5 matches found
CVE-2015-8948
CVE-2015-8948 affects GNU libidn before 1.33. The vulnerability arises when a zero byte is read as input, causing an out-of-bounds read that could reveal memory. Several connected advisories confirm the issue (e.g., BSA-2017-213 and ...
CVE-2016-6262
CVE-2016-6262 affects GNU libidn before 1.33. The issue allows reading a zero byte as input, triggering an out-of-bounds read and potentially exposing memory. This is a different vulnerability from CVE-2015-8948. The vulnerability is referenced across multiple advisories (BSA-2017-213/210, USN-30...
CVE-2016-6261
CVE-2016-6261 affects libidn: the idna_to_ascii_4i function in lib/idna.c within libidn before 1.33 allows context-dependent attackers to cause a denial of service via 64 bytes of input (out-of-bounds read and crash). Connected advisories indicate patches/mitigations exist (upgrading libidn to a ...
CVE-2016-6263
The CVE-2016-6263 entry affects the libidn library. The vulnerability lies in the stringprep_utf8_nfkc_normalize function (lib/nfkc.c) in libidn before 1.33, where crafted UTF-8 data can trigger an out-of-bounds read and crash, causing denial of service. Affected versions are prior to 1.33; the i...
CVE-2015-2059
CVE-2015-2059 affects libidn prior to 1.31 as used by jabberd2. The issue is an out-of-bounds read triggered by invalid UTF-8 characters in a string, potentially enabling memory disclosure. The provided documents do not specify a vendor patch, version, or concrete remediation for this CVE...