Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 9 of 9 results


CVE-2019-12290

Medium priority

Some fixes available 2 of 4

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating...

2 affected packages

libidn2, libidn2-0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libidn2 Not affected Not affected Not affected Fixed Not in release
libidn2-0 Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2019-18224

Medium priority

Some fixes available 2 of 4

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

2 affected packages

libidn2, libidn2-0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libidn2 Not affected Not affected Not affected Fixed Not in release
libidn2-0 Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2017-14061

Medium priority
Not affected

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

2 affected packages

libidn, libidn2-0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libidn Not affected
libidn2-0 Not affected
Show less packages

CVE-2017-14062

Medium priority
Fixed

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

3 affected packages

libidn, libidn2, libidn2-0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libidn Not affected Not affected Not affected Fixed
libidn2 Not affected Not affected Not affected Not in release
libidn2-0 Not in release Not in release Not in release Fixed
Show less packages

CVE-2016-6263

Medium priority

Some fixes available 3 of 4

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.

1 affected packages

libidn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libidn Fixed
Show less packages

CVE-2016-6262

Medium priority

Some fixes available 3 of 4

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.

1 affected packages

libidn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libidn Fixed
Show less packages

CVE-2016-6261

Medium priority

Some fixes available 3 of 4

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

1 affected packages

libidn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libidn Fixed
Show less packages

CVE-2015-8948

Low priority

Some fixes available 3 of 4

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

1 affected packages

libidn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libidn Fixed
Show less packages

CVE-2015-2059

Low priority

Some fixes available 2 of 6

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which...

1 affected packages

libidn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libidn Not affected
Show less packages