CVE-2015-2059

Currently unrated

Key Information:

Vendor: Gnu
Status: Libidn
Vendor: CVE Published:; 12 August 2015

Summary

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.debian.org/security/2016/dsa-3578

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-updates/2015-07/msg000...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Aug 12, 2015
Vulnerability Reserved
Feb 23, 2015