Debian Bug report logs - #942895
CVE-2019-18224
Package: src:libidn2;
Maintainer for src:libidn2 is Debian Libidn team <help-libidn@gnu.org>;
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 22 Oct 2019 21:39:05 UTC
Severity: grave
Tags: security
A heap-based buffer overflow vulnerability was discovered in the
idn2_to_ascii_4i() function in libidn2, the GNU library for
Internationalized Domain Names (IDNs), which could result in denial of
service, or the execution of arbitrary code when processing a long
domain string.
For the stable distribution (buster), this problem has been fixed in
ver ...
heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c
idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string (CVE-2019-18224).
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate anot ...