libidn.so is vulnerable to denial of service attacks. The vulnerability exists in the decode_digit
function of lib/puny_decode.c
where an integer overflow can occur on the returned value, causing an application crash.
www.debian.org/security/2017/dsa-3988
bugzilla.suse.com/show_bug.cgi?id=1087709
gitlab.com/libidn/libidn2/blob/master/NEWS
gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd
lists.debian.org/debian-lts-announce/2018/07/msg00040.html
lists.gnu.org/archive/html/info-gnu/2018-04/msg00001.html