CVE-2016-6263

CWE-125Out-of-bounds ReadCWE-20Improper Input Validation12 documents8 sources
Severity
7.5HIGH
EPSS
2.0%
top 16.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Libidn
Timeline
PublishedSep 7
Latest updateMay 13

Description

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Debianlibidn< 1.33-1+3
NVDgnu/libidn1.32

Patches

Patch: git.savannah.gnu.orgPatch: git.savannah.gnu.org

🔴Vulnerability Details

4
GHSA
GHSA-4q6w-2734-9q8x: The stringprep_utf8_nfkc_normalize function in lib/nfkc2022-05-13
CVEList
CVE-2016-6263: The stringprep_utf8_nfkc_normalize function in lib/nfkc2016-09-07
OSV
CVE-2016-6263: The stringprep_utf8_nfkc_normalize function in lib/nfkc2016-09-07
OSV
libidn vulnerabilities2016-08-24

📋Vendor Advisories

3
Ubuntu
Libidn vulnerabilities2016-08-24
Red Hat
libidn: Crash when given invalid UTF-8 data on input2016-01-14
Debian
CVE-2016-6263: libidn - The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 ...2016

💬Community

4
Bugzilla
CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 mingw-libidn: various flaws [fedora-all]2016-07-22
Bugzilla
CVE-2016-6263 libidn: Crash when given invalid UTF-8 data on input2016-07-22
Bugzilla
CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 mingw-libidn: various flaws [epel-7]2016-07-22
Bugzilla
CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 libidn: various flaws [fedora-all]2016-07-22
CVE-2016-6263 (HIGH CVSS 7.5) | The stringprep_utf8_nfkc_normalize | cvebase.io