Out-of-Bounds Read Vulnerability in GNU libidn by GNU
CVE-2026-57053

4 MEDIUM

Key Information:

Vendor

Gnu

Status
Vendor
CVE Published:
23 June 2026

What is CVE-2026-57053?

GNU libidn versions before 1.44 are affected by an out-of-bounds read in the ToUnicode APIs, specifically in the idna_to_unicode_internal function. The flaw could lead to information leakage from uninitialized memory, posing risks to system integrity. libidn2 is not affected. Users of libidn should upgrade to a fixed version.

Affected Version(s)

libidn 0 < 1.44

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
