CVE-2016-6261

CWE-125Out-of-bounds Read12 documents8 sources
Severity
7.5HIGH
EPSS
2.7%
top 14.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GNU LibidnCanonical Ubuntu LinuxOpensuse Leap
Timeline
PublishedSep 7
Latest updateMay 13

Description

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianlibidn< 1.33-1+3
NVDgnu/libidn1.32
NVDopensuse/leap42.1

Also affects: Ubuntu Linux 12.04, 14.04, 16.04

Patches

Patch: git.savannah.gnu.orgPatch: git.savannah.gnu.org

🔴Vulnerability Details

4
GHSA
GHSA-hr7q-x7xm-q959: The idna_to_ascii_4i function in lib/idna2022-05-13
OSV
CVE-2016-6261: The idna_to_ascii_4i function in lib/idna2016-09-07
CVEList
CVE-2016-6261: The idna_to_ascii_4i function in lib/idna2016-09-07
OSV
libidn vulnerabilities2016-08-24

📋Vendor Advisories

3
Ubuntu
Libidn vulnerabilities2016-08-24
Red Hat
libidn: Out of bounds stack read in idna_to_ascii_4i2016-07-20
Debian
CVE-2016-6261: libidn - The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context...2016

💬Community

4
Bugzilla
CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 mingw-libidn: various flaws [fedora-all]2016-07-22
Bugzilla
CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 mingw-libidn: various flaws [epel-7]2016-07-22
Bugzilla
CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 libidn: various flaws [fedora-all]2016-07-22
Bugzilla
CVE-2016-6261 libidn: Out of bounds stack read in idna_to_ascii_4i2016-07-22
CVE-2016-6261 (HIGH CVSS 7.5) | The idna_to_ascii_4i function in li | cvebase.io