VYPR

rpm package

suse/libidn&distro=SUSE Linux Enterprise Server 11 SP4

pkg:rpm/suse/libidn&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Vulnerabilities (6)

  • CVE-2017-14062CriAug 31, 2017
    affected < 1.10-7.3.1fixed 1.10-7.3.1

    Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2016-6263HigSep 7, 2016
    affected < 1.10-6.1fixed 1.10-6.1

    The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.

  • CVE-2016-6262HigSep 7, 2016
    affected < 1.10-6.1fixed 1.10-6.1

    idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.

  • CVE-2016-6261HigSep 7, 2016
    affected < 1.10-6.1fixed 1.10-6.1

    The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

  • CVE-2015-8948HigSep 7, 2016
    affected < 1.10-6.1fixed 1.10-6.1

    idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

  • CVE-2015-2059Aug 12, 2015
    affected < 1.10-6.1fixed 1.10-6.1

    The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.