CVE-2017-14062

CWE-190Integer Overflow15 documents8 sources
Severity
9.8CRITICAL
EPSS
1.2%
top 20.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU Libidn2Debian Debian Linux
Timeline
PublishedAug 31
Latest updateMay 13

Description

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDgnu/libidn2< 2.0.4
Debianlibidn< 1.33-2+3

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
GHSA
GHSA-783h-w6p2-278g: Integer overflow in the decode_digit function in puny_decode2022-05-13
CVEList
CVE-2017-14062: Integer overflow in the decode_digit function in puny_decode2017-08-31
OSV
CVE-2017-14062: Integer overflow in the decode_digit function in puny_decode2017-08-31

📋Vendor Advisories

6
Ubuntu
Libidn2 vulnerability2021-03-15
Ubuntu
Libidn vulnerability2017-10-23
Ubuntu
Libidn vulnerability2017-10-02
Ubuntu
Libidn2 vulnerability2017-09-18
Red Hat
libidn2: Integer overflow in puny_decode.c/decode_digit2017-08-30

💬Community

5
Bugzilla
CVE-2017-14062 mingw-libidn2: libidn2: Integer overflow in puny_decode.c/decode_digit [epel-7]2017-09-04
Bugzilla
CVE-2017-14062 libidn2: Integer overflow in puny_decode.c/decode_digit2017-08-30
Bugzilla
CVE-2017-14061 CVE-2017-14062 libidn2: various flaws [epel-all]2017-08-30
Bugzilla
CVE-2017-14061 CVE-2017-14062 libidn2: various flaws [fedora-all]2017-08-30
Bugzilla
CVE-2017-14061 CVE-2017-14062 mingw-libidn2: various flaws [fedora-all]2017-08-30
CVE-2017-14062 (CRITICAL CVSS 9.8) | Integer overflow in the decode_digi | cvebase.io