CVE-2017-14062

EPSS 1.31%
Published 31.08.2017 16:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Libidn2 Version < 2.0.4

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.31%	0.789

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://gitlab.com/libidn/libidn2/blob/master/NEWS

Third Party Advisory

Release Notes

http://www.debian.org/security/2017/dsa-3988

Third Party Advisory

https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2017-14062

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14062

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14062

EUVD