Severity
9.8 CRITICAL
EPSS
2.4%
top 14.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 21
Latest update: May 24

Description

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD: gnu/libidn2 < 2.1.1
Debian: libidn2 < 2.2.0-1+3
Ubuntu: libidn2 < 2.0.4-1.1ubuntu0.2

🔴 Vulnerability Details (4)

GHSA: GHSA-j2c9-63g7-697x: idn2_to_ascii_4i in lib/lookup (2022-05-24)
OSV: libidn2 vulnerabilities (2019-10-29)
OSV: CVE-2019-18224: idn2_to_ascii_4i in lib/lookup (2019-10-21)
CVEList: CVE-2019-18224: idn2_to_ascii_4i in lib/lookup (2019-10-21)

📋 Vendor Advisories (3)

Ubuntu: Libidn2 vulnerabilities (2019-10-29)
Red Hat: libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c (2019-01-07)
Debian: CVE-2019-18224: libidn2 - idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based bu... (2019)

💬 Community (5)

Bugzilla: CVE-2019-18224 libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c [epel-all] (2019-10-23)
Bugzilla: CVE-2019-18224 mingw-libidn2: libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c [epel-7] (2019-10-23)
Bugzilla: CVE-2019-18224 libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c [fedora-all] (2019-10-23)
Bugzilla: CVE-2019-18224 libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c (2019-10-23)
Bugzilla: CVE-2019-18224 mingw-libidn2: libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c [fedora-all] (2019-10-23)