4 matches found
CVE-2019-18224
CVE-2019-18224 is a heap-based buffer overflow in idn2_to_ascii_4i (lib/lookup.c) in GNU libidn2 before 2.1.1. It can trigger denial of service or arbitrary code execution when handling long domain strings. Public advisories confirm the flaw and provide fixes; Debian lists a fix at 2.0.5-1...
CVE-2017-14062
CVE-2017-14062 is an integer overflow in the decode_digit function of libidn2 and related libidn code affecting IDN/Punycode handling. Reports show DoS or unspecified impact from remote attackers. Public advisories (Debian DSA-3988-1, DLA-1447-1; Fedora advisories; Cloud Foundry USN-3434-1) indic...
CVE-2019-12290
GNU libidn2 before 2.2.0 fails to perform the RFC 3490 roundtrip checks when converting A-labels to U-labels, enabling domain impersonation. Affected: libidn2 (prior to 2.2.0). Remediation: upgrade to 2.2.0 or newer (advisories show updates to 2.3.x). Connected advisories also reference CVE-2019-18224 ...
CVE-2017-14061
CVE-2017-14061 is an integer overflow in the _isBidi function (bidi.c) of libidn2 prior to 2.0.4. According to connected sources, the vulnerability could allow a remote attacker to cause a denial of service or have other unspecified impact, with CVSSv3 indicating a CRITI...