rpm package
suse/libidn&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/libidn&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14062 | Cri | 9.8 | < 1.10-7.3.1 | 1.10-7.3.1 | Aug 31, 2017 | Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |
| CVE-2016-6263 | Hig | 7.5 | < 1.10-6.1 | 1.10-6.1 | Sep 7, 2016 | The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. | |
| CVE-2016-6262 | Hig | 7.5 | < 1.10-6.1 | 1.10-6.1 | Sep 7, 2016 | idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. | |
| CVE-2016-6261 | Hig | 7.5 | < 1.10-6.1 | 1.10-6.1 | Sep 7, 2016 | The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | |
| CVE-2015-8948 | Hig | 7.5 | < 1.10-6.1 | 1.10-6.1 | Sep 7, 2016 | idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. | |
| CVE-2015-2059 | — | < 1.10-6.1 | 1.10-6.1 | Aug 12, 2015 | The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. |
- affected < 1.10-7.3.1fixed 1.10-7.3.1
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
- affected < 1.10-6.1fixed 1.10-6.1
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
- affected < 1.10-6.1fixed 1.10-6.1
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
- affected < 1.10-6.1fixed 1.10-6.1
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
- affected < 1.10-6.1fixed 1.10-6.1
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
- CVE-2015-2059Aug 12, 2015affected < 1.10-6.1fixed 1.10-6.1
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.