This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gnu First view 2017-08-31
Product libidn2 Last view 2019-10-22
Version * Type Application
Update *  
Edition *  
Language *  
Software Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:gnu:libidn2

Related : CVE

  Date Alert Description
7.5 2019-10-22 CVE-2019-12290

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.

9.8 2019-10-21 CVE-2019-18224

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

9.8 2017-08-31 CVE-2017-14062

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

9.8 2017-08-31 CVE-2017-14061

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-190 Integer Overflow or Wraparound
25% (1) CWE-787 Out-of-bounds Write
25% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f749c70191.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1447.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Fedora host is missing a security update.
File: fedora_2018-02e23192f5.nasl - Type: ACT_GATHER_INFO
2018-04-04 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-02.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-09b1c3f099.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b469be1a72.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3434-1.nasl - Type: ACT_GATHER_INFO
2017-10-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3988.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3421-1.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote Fedora host is missing a security update.
File: fedora_2017-fe4f93fde4.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Debian host is missing a security update.
File: debian_DLA-1084.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Debian host is missing a security update.
File: debian_DLA-1085.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2d4ead8da9.nasl - Type: ACT_GATHER_INFO
2017-09-05 Name: The remote Fedora host is missing a security update.
File: fedora_2017-57722ccd30.nasl - Type: ACT_GATHER_INFO