Showing 1 - 3 of 3

CVE-2019-18224

Status Candidate

Overview

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

Gentoo Linux Security Advisory 202003-63: Posted Mar 30, 2020; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202003-63 - Multiple vulnerabilities have been found in GNU IDN Library 2, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.0 are affected.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2019-12290, CVE-2019-18224; SHA-256 | 53fb6354b0d8ed24a8a1cf0c1606c26800da39fd68fec33fe50b30cd527397ec; Download | Favorite | View

Debian Security Advisory 4613-1: Posted Feb 3, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4613-1 - A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.; tags | advisory, denial of service, overflow, arbitrary; systems | linux, debian; advisories | CVE-2019-18224; SHA-256 | e3db76e1233159bccb40c596b224ab1f03af6655b3d18061ad965e1cc5720856; Download | Favorite | View

Ubuntu Security Notice USN-4168-1: Posted Oct 29, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4168-1 - It was discovered that Libidn2 incorrectly handled certain inputs. A attacker could possibly use this issue to impersonate domains. It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2019-12290, CVE-2019-18224; SHA-256 | cf79bda79ca9397f2b33a211436016b37be02011ced052fcfc31479870124c25; Download | Favorite | View

Page 1 of 1 Back 1 Next