Unrated severity · NVD Advisory · Published Oct 22, 2019 · Updated Aug 4, 2024
CVE-2019-12290
Description
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
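The round-trip check the description refers to, sketched as an added example (not libidn2's code): it uses Python's standard-library IDNA2003 routines in place of libidn2, and the function names and sample labels are constructed for illustration. The rejected sample carries U+00AD, a code point that nameprep maps to nothing.

```python
import encodings.idna as idna2003  # stdlib IDNA2003 (RFC 3490) ToASCII / nameprep

ACE_PREFIX = "xn--"


def a_label_roundtrips(label: str) -> bool:
    """True if an A-label survives A-label -> U-label -> A-label unchanged."""
    label = label.lower()
    if not label.startswith(ACE_PREFIX):
        return True  # not an A-label, nothing to round-trip
    try:
        # Step 1: raw Punycode decode, with no validation of the result.
        u_label = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        # Step 2: convert back with ToASCII, which applies the nameprep
        # mapping (and may silently drop code points) before re-encoding.
        back = idna2003.ToASCII(u_label).decode("ascii").lower()
    except UnicodeError:
        return False  # undecodable or prohibited content: reject the label
    # Step 3: the comparison the advisory says was not performed.
    return back == label


def failing_labels(domain: str) -> list[str]:
    """Labels of a domain name that do not survive the round trip."""
    return [l for l in domain.rstrip(".").split(".") if not a_label_roundtrips(l)]


# Constructed samples (not taken from the advisory).
GOOD = "xn--bcher-kva.example"
# A-label whose decoded form contains U+00AD; re-encoding yields plain "example".
SUSPECT = ACE_PREFIX + "exam\u00adple".encode("punycode").decode("ascii") + ".test"

if __name__ == "__main__":
    for name in (GOOD, SUSPECT):
        bad = failing_labels(name)
        print(f"{name}: {'REJECT ' + repr(bad) if bad else 'ok'}")
```

A resolver, proxy or log pipeline that displays or compares U-labels can apply the same comparison and refuse any A-label that does not re-encode to itself.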
Affected products (16)
- GNU/libidn2 (source: description)
- osv-coords, 14 versions (no CPE):
  - pkg:apk/chainguard/idn2-utils, range: < 0
  - pkg:apk/chainguard/libidn2, range: < 0
  - pkg:apk/chainguard/libidn2-dev, range: < 0
  - pkg:apk/chainguard/libidn2-doc, range: < 0
  - pkg:apk/chainguard/libidn2-static, range: < 0
  - pkg:apk/wolfi/idn2-utils, range: < 0
  - pkg:apk/wolfi/libidn2, range: < 0
  - pkg:apk/wolfi/libidn2-dev, range: < 0
  - pkg:apk/wolfi/libidn2-doc, range: < 0
  - pkg:apk/wolfi/libidn2-static, range: < 0
  - pkg:rpm/opensuse/libidn2&distro=openSUSE%20Leap%2015.0, range: < 2.2.0-lp150.2.3.1
  - pkg:rpm/opensuse/libidn2&distro=openSUSE%20Leap%2015.1, range: < 2.2.0-lp151.3.3.1
  - pkg:rpm/suse/libidn2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015, range: < 2.2.0-3.3.1
  - pkg:rpm/suse/libidn2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1, range: < 2.2.0-3.3.1
References (12)
- lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFT76Y7OSGPZV3EBEHD6ISVUM3DLARM/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KXDKYWFV6N2HHVSE67FFDM7G3FEL2ZNE/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONG3GJRRJO35COPGVJXXSZLU4J5Y42AT/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSI4TI2JTQWQ3YEUX5X36GTVGKO4QKZ5/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6ZXL2RDNQRAHCMKWPOMJFKYJ344X4HL/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202003-63 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/4168-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5 (mitre, x_refsource_MISC)
- gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de (mitre, x_refsource_CONFIRM)
- gitlab.com/libidn/libidn2/merge_requests/71 (mitre, x_refsource_MISC)