Out-of-Bounds Read in jabberd2 Affecting Libin Versions Prior to 1.31
CVE-2015-2059

Currently unrated

Key Information:

Vendor: Gnu
Status: Libidn
Vendor: CVE Published:; 12 August 2015

Summary

A vulnerability exists in the stringprep_utf8_to_ucs4 function within the libin library, as utilized by jabberd2, which can be exploited by context-dependent attackers. By supplying malformed UTF-8 strings, an attacker can trigger an out-of-bounds read, leading to potential information leakage from system memory or other unspecified impacts. This vulnerability poses a risk to systems running affected versions of jabberd2, warranting prompt attention and remediation.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.debian.org/security/2016/dsa-3578

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-updates/2015-07/msg000...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Aug 12, 2015
Vulnerability Reserved
Feb 23, 2015