libidn: Multiple security issues (CVE-2016-6263, CVE-2015-8948, CVE-2016-6262, CVE-2016-6261)
CVE-2016-6263: Crash when given invalid UTF-8 data on input
CVE-2015-8948: Out-of-bounds read due to use of fgets with fixed-size buffer
CVE-2016-6262: Out-of-bounds read when reading zero byte as input
CVE-2016-6261: Out of bounds stack read in idna_to_ascii_4i
Fixed In Version:
libidn 1.33
References and patches:
http://seclists.org/oss-sec/2016/q3/124
https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
(from redmine: issue id 5964, created on 2016-07-26, closed on 2016-08-09)
- Relations:
  - child #5965 (closed)
  - child #5966 (closed)
  - child #5967 (closed)
  - child #5968 (closed)
  - child #5969 (closed)