Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities found for libidn by gnu
FKIE_CVE-2016-6263
Vulnerability from fkie_nvd - Published: 2016-09-07 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libidn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCA8DA3-3A1C-4ECA-A774-56E9486DFC4A",
"versionEndIncluding": "1.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data."
},
{
"lang": "es",
"value": "La funci\u00f3n stringprep_utf8_nfkc_normalize en lib/nfkc.c en libidn en versiones anteriores a 1.33 permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda) a trav\u00e9s de datos UTF-8 manipulados."
}
],
"id": "CVE-2016-6263",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T20:59:06.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201908-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201908-06"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6262
Vulnerability from fkie_nvd - Published: 2016-09-07 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libidn | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libidn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCA8DA3-3A1C-4ECA-A774-56E9486DFC4A",
"versionEndIncluding": "1.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948."
},
{
"lang": "es",
"value": "idn en libidn en versiones anteriores a 1.33 podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n de memoria sensible mediante la lectura de un byte cero como entrada, lo que desencadena una lectura fuera de l\u00edmites, una vulnerabilidad diferente a CVE-2015-8948."
}
],
"id": "CVE-2016-6262",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T20:59:05.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6261
Vulnerability from fkie_nvd - Published: 2016-09-07 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse | leap | 42.1 | |
| gnu | libidn | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libidn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCA8DA3-3A1C-4ECA-A774-56E9486DFC4A",
"versionEndIncluding": "1.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input."
},
{
"lang": "es",
"value": "La funci\u00f3n idna_to_ascii_4i en lib/idna.c en libidn en versiones anteriores a 1.33 permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda) a trav\u00e9s de 64 bytes de entrada."
}
],
"id": "CVE-2016-6261",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T20:59:04.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-8948
Vulnerability from fkie_nvd - Published: 2016-09-07 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| gnu | libidn | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libidn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCA8DA3-3A1C-4ECA-A774-56E9486DFC4A",
"versionEndIncluding": "1.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read."
},
{
"lang": "es",
"value": "idn en GNU libidn en versiones anteriores a 1.33 podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n de memoria sensible mediante la lectura de un byte cero como entrada, lo que desencadena una lectura fuera de rango."
}
],
"id": "CVE-2015-8948",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T20:59:00.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-2059
Vulnerability from fkie_nvd - Published: 2015-08-12 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libidn | * | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libidn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2694F1-C038-4E2D-82A4-EABEA91FB06F",
"versionEndIncluding": "1.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read."
},
{
"lang": "es",
"value": "Vulnerabilidad en la funci\u00f3n stringprep_utf8_to_ucs4 en libin en versiones anteriores a 1.31, tal como se utiliza en jabberd2, permite a atacantes dependientes del contexto leer la memoria del sistema y posiblemente tener otro impacto no especificado a trav\u00e9s de caracteres UTF-8 no v\u00e1lidos en una cadena, lo que desencadena una lectura fuera de rango."
}
],
"id": "CVE-2015-2059",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-12T14:59:09.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3578"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72736"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jabberd2/jabberd2/issues/85"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-6261 (GCVE-0-2016-6261)
Vulnerability from cvelistv5 – Published: 2016-09-07 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2015-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:09:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6261",
"datePublished": "2016-09-07T20:00:00.000Z",
"dateReserved": "2016-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:20.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8948 (GCVE-0-2015-8948)
Vulnerability from cvelistv5 – Published: 2016-09-07 20:00 – Updated: 2024-08-06 08:36
VLAI?
Summary
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2016-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:30.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:08:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8948",
"datePublished": "2016-09-07T20:00:00.000Z",
"dateReserved": "2016-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:36:30.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6263 (GCVE-0-2016-6263)
Vulnerability from cvelistv5 – Published: 2016-09-07 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Date Public ?
2016-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "GLSA-201908-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-06"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:09:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "GLSA-201908-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-06"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "GLSA-201908-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-06"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6263",
"datePublished": "2016-09-07T20:00:00.000Z",
"dateReserved": "2016-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:20.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6262 (GCVE-0-2016-6262)
Vulnerability from cvelistv5 – Published: 2016-09-07 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2016-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:06:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6262",
"datePublished": "2016-09-07T20:00:00.000Z",
"dateReserved": "2016-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:20.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2059 (GCVE-0-2015-2059)
Vulnerability from cvelistv5 – Published: 2015-08-12 14:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2014-10-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:43.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-11621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html"
},
{
"name": "DSA-3578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3578"
},
{
"name": "openSUSE-SU-2015:1261",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "FEDORA-2015-11562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html"
},
{
"name": "72736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72736"
},
{
"name": "[oss-security] 20150223 Re: CVE Request: jabberd remote information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2015-11621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html"
},
{
"name": "DSA-3578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3578"
},
{
"name": "openSUSE-SU-2015:1261",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "FEDORA-2015-11562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html"
},
{
"name": "72736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72736"
},
{
"name": "[oss-security] 20150223 Re: CVE Request: jabberd remote information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-11621",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html"
},
{
"name": "DSA-3578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3578"
},
{
"name": "openSUSE-SU-2015:1261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html"
},
{
"name": "https://github.com/jabberd2/jabberd2/issues/85",
"refsource": "CONFIRM",
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "FEDORA-2015-11562",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html"
},
{
"name": "72736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72736"
},
{
"name": "[oss-security] 20150223 Re: CVE Request: jabberd remote information disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2059",
"datePublished": "2015-08-12T14:00:00.000Z",
"dateReserved": "2015-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:02:43.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6261 (GCVE-0-2016-6261)
Vulnerability from nvd – Published: 2016-09-07 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2015-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:09:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[help-libidn] 20150709 out of bounds stack read in function idna_to_ascii_4i",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6261",
"datePublished": "2016-09-07T20:00:00.000Z",
"dateReserved": "2016-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:20.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8948 (GCVE-0-2015-8948)
Vulnerability from nvd – Published: 2016-09-07 20:00 – Updated: 2024-08-06 08:36
VLAI?
Summary
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2016-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:30.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:08:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8948",
"datePublished": "2016-09-07T20:00:00.000Z",
"dateReserved": "2016-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:36:30.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6263 (GCVE-0-2016-6263)
Vulnerability from nvd – Published: 2016-09-07 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Date Public ?
2016-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "GLSA-201908-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-06"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:09:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "GLSA-201908-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-06"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "DSA-3658",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "GLSA-201908-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-06"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6263",
"datePublished": "2016-09-07T20:00:00.000Z",
"dateReserved": "2016-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:20.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6262 (GCVE-0-2016-6262)
Vulnerability from nvd – Published: 2016-09-07 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2016-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:06:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6262",
"datePublished": "2016-09-07T20:00:00.000Z",
"dateReserved": "2016-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:20.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2059 (GCVE-0-2015-2059)
Vulnerability from nvd – Published: 2015-08-12 14:00 – Updated: 2024-08-06 05:02
VLAI?
Summary
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2014-10-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:43.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-11621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html"
},
{
"name": "DSA-3578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3578"
},
{
"name": "openSUSE-SU-2015:1261",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "FEDORA-2015-11562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html"
},
{
"name": "72736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72736"
},
{
"name": "[oss-security] 20150223 Re: CVE Request: jabberd remote information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2015-11621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html"
},
{
"name": "DSA-3578",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3578"
},
{
"name": "openSUSE-SU-2015:1261",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"name": "openSUSE-SU-2016:2135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "FEDORA-2015-11562",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html"
},
{
"name": "72736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72736"
},
{
"name": "[oss-security] 20150223 Re: CVE Request: jabberd remote information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279"
},
{
"name": "USN-3068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3068-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-11621",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html"
},
{
"name": "DSA-3578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3578"
},
{
"name": "openSUSE-SU-2015:1261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html"
},
{
"name": "https://github.com/jabberd2/jabberd2/issues/85",
"refsource": "CONFIRM",
"url": "https://github.com/jabberd2/jabberd2/issues/85"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "FEDORA-2015-11562",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html"
},
{
"name": "72736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72736"
},
{
"name": "[oss-security] 20150223 Re: CVE Request: jabberd remote information disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/25"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2059",
"datePublished": "2015-08-12T14:00:00.000Z",
"dateReserved": "2015-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:02:43.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}