Libidn

1 CVEs product

CVE-2026-57053 LOW PATCH Monitor

Out-of-bounds reads of uninitialized memory in GNU libidn before version 1.44 are triggerable through the ToUnicode IDNA APIs when malformed internationalized domain name input is processed by the vulnerable function `idna_to_unicode_internal`. Applications statically or dynamically linked against affected libidn versions that pass attacker-influenced hostname strings to these APIs are exposed to integrity and availability disruption. No public exploit has been identified at time of analysis, and the successor library libidn2 is explicitly confirmed unaffected, providing a viable migration path for defenders.

Buffer Overflow Libidn
NVD VulDB
CVSS 3.1: 2.5
EPSS: 0.1%