CVE-2016-6262

CWE-125 — Out-of-bounds Read12 documents8 sources

Severity

7.5HIGH

EPSS

4.7%

top 10.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libidn Canonical Ubuntu Linux Opensuse Leap +1 more

Timeline

PublishedSep 7

Latest updateMay 13

Description

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Alpinelibidn< 1.33-r0+21

▶NVDgnu/libidn1.32

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Also affects: Ubuntu Linux 12.04, 14.04, 16.04

Patches

Patch: git.savannah.gnu.org ↗Patch: git.savannah.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-53mg-6xcj-rxjq: idn in libidn before 1↗2022-05-13

▶

OSV

CVE-2016-6262: idn in libidn before 1↗2016-09-07

▶

CVEList

CVE-2016-6262: idn in libidn before 1↗2016-09-07

▶

OSV

libidn vulnerabilities↗2016-08-24

▶

📋Vendor Advisories

Ubuntu

Libidn vulnerabilities↗2016-08-24

▶

Red Hat

libidn: Out-of-bounds read when reading zero byte as input↗2016-01-14

▶

Debian

CVE-2016-6262: libidn - idn in libidn before 1.33 might allow remote attackers to obtain sensitive memor...↗2016

▶

💬Community

Bugzilla

CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 mingw-libidn: various flaws [fedora-all]↗2016-07-22

▶

Bugzilla

CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 mingw-libidn: various flaws [epel-7]↗2016-07-22

▶

Bugzilla

CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 libidn: various flaws [fedora-all]↗2016-07-22

▶

Bugzilla

CVE-2016-6262 libidn: Out-of-bounds read when reading zero byte as input↗2016-07-22

▶