help-libidn

Bug#873903: libidn2-0: CVE-2017-14062: integer overflow in decode_digit


From: Tim Rühsen
Subject: Bug#873903: libidn2-0: CVE-2017-14062: integer overflow in decode_digit
Date: Fri, 1 Sep 2017 10:09:47 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

On Fri, 01 Sep 2017 06:52:53 +0200 Salvatore Bonaccorso
<address@hidden> wrote:
> Source: libidn2-0
> Version: 0.10-2
> Severity: important
> Tags: upstream security patch
> 
> Hi,
> 
> the following vulnerability was published for libidn2-0.
> 
> CVE-2017-14062[0]:
> | Integer overflow in the decode_digit function in puny_decode.c in
> | Libidn2 before 2.0.4 allows remote attackers to cause a denial of
> | service or possibly have unspecified other impact.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2017-14062
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062
> [1] https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd

Just backported the fix from libidn2 into libidn upstream (commit
e9e81b8063b095b02cf104bb992fa9bf9515b9d8).

Regards, Tim

