GNU Libidn2 vulnerabilities

4 known vulnerabilities affecting gnu/libidn2.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1

Vulnerabilities

CVE-2019-12290 | HIGH | CVSS 7.5 | fixed in 2.2.0 | 2019-10-22
CVE-2019-12290 [HIGH] CWE-20: GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would
nvd
CVE-2019-18224 | CRITICAL | CVSS 9.8 | fixed in 2.1.1 | 2019-10-21
CVE-2019-18224 [CRITICAL] CWE-787: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.
nvd
CVE-2017-14061 | CRITICAL | CVSS 9.8 | ≤ 2.0.3 | 2017-08-31
CVE-2017-14061 [CRITICAL] CWE-190: Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
nvd
CVE-2017-14062 | CRITICAL | CVSS 9.8 | fixed in 2.0.4 | 2017-08-31
CVE-2017-14062 [CRITICAL] CWE-190: Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
nvd