Skip to main content

Libidn2

4 CVEs product

Monthly

CVE-2019-12290 HIGH PATCH This Week

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libidn2
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-18224 CRITICAL POC PATCH Act Now

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Libidn2
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2017-14062 CRITICAL PATCH Act Now

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libidn2 Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2017-14061 CRITICAL PATCH Act Now

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libidn2
NVD
CVSS 3.0
9.8
EPSS
0.6%
EPSS 3% CVSS 7.5
HIGH PATCH This Week

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libidn2
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Libidn2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libidn2 +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libidn2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy