CVE-2016-6261

Опубликовано: 07 сент. 2016

Источник: debian

Описание

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libidn	fixed	1.33-1		package

Примечания

https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c (libidn-1-33)
Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d (libidn-1-33)
Follow-up memory leak fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=11abd0e02c16f9e0b6944aea4ef0f2df44b42dd4 (libidn-1-33)
https://www.openwall.com/lists/oss-security/2016/07/20/6

Связанные уязвимости

CVE-2016-6261

CVSS3: 7.5

ubuntu

больше 9 лет назад

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

CVE-2016-6261

CVSS3: 3.7

redhat

больше 9 лет назад

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

CVE-2016-6261

CVSS3: 7.5

nvd

больше 9 лет назад

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

GHSA-hr7q-x7xm-q959

CVSS3: 7.5

github

больше 3 лет назад

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

openSUSE-SU-2016:2135-1

suse-cvrf

больше 9 лет назад

Security update for libidn