Gnu

Libidn

6 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.11%
  • Veröffentlicht 23.06.2026 16:40:22
  • Zuletzt bearbeitet 29.06.2026 19:40:25

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

  • EPSS 3.91%
  • Veröffentlicht 07.09.2016 20:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.

  • EPSS 6.51%
  • Veröffentlicht 07.09.2016 20:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.

  • EPSS 3.91%
  • Veröffentlicht 07.09.2016 20:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

  • EPSS 6.72%
  • Veröffentlicht 07.09.2016 20:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

  • EPSS 3.19%
  • Veröffentlicht 12.08.2015 14:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bou...