Gnu Libidn vulnerabilities

CVE-2015-8948 [HIGH] CWE-125 CVE-2015-8948: idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

CVE-2016-6261 [HIGH] CWE-125 CVE-2016-6261: The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

CVE-2016-6263 [HIGH] CWE-125 CVE-2016-6263: The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-depen The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.

CVE-2016-6262 [HIGH] CVE-2016-6262: idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by rea idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.

CVE-2015-2059 [HIGH] CWE-119 CVE-2015-2059: The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-depen The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.