CVE-2016-6263

Published on: 09/07/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Libidn from GNU contain the following vulnerability:

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.

  • CVE-2016-6263 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |

CVSS2 Score: 5 - MEDIUM

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | PARTIAL |

CVE References

| Description | Tags | Link |
|---|---|---|
| oss-security - CVE request: multiple issues fixed in GNU libidn 1.33 | Mailing List, Third Party Advisory | www.openwall.com: MLIST [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33 |
| USN-3068-1: Libidn vulnerabilities \| Ubuntu | Third Party Advisory | www.ubuntu.com: UBUNTU USN-3068-1 |
| Libidn 1.33 released | Vendor Advisory | lists.gnu.org: MLIST [help-libidn] 20160720 Libidn 1.33 released |
| GNU Libidn Multiple Remote Security Vulnerabilities | Third Party Advisory, VDB Entry | cve.report (archive): BID 92070 |
| libidn.git - GNU libidn | Issue Tracking, Patch | git.savannah.gnu.org: CONFIRM git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 |
| openSUSE-SU-2016:2135-1: moderate: Security update for libidn | Third Party Advisory | lists.opensuse.org: SUSE openSUSE-SU-2016:2135 |
| openSUSE-SU-2016:1924-1: moderate: Security update for libidn | Third Party Advisory | lists.opensuse.org: SUSE openSUSE-SU-2016:1924 |
| glibc: Multiple vulnerabilities (GLSA 201908-06) — Gentoo security | | security.gentoo.org: GENTOO GLSA-201908-06 |
| Debian -- Security Information -- DSA-3658-1 libidn | Depreciated Link | www.debian.org: DEBIAN DSA-3658 |
| oss-security - Re: CVE request: multiple issues fixed in GNU libidn 1.33 | Mailing List, Third Party Advisory | www.openwall.com: MLIST [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33 |

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnu | Libidn | All | All | All | All |

  • cpe:2.3:a:gnu:libidn:*:*:*:*:*:*:*:*: