This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/22247] New: CVE-2017-14062 : Integer overflow in the decode_digit function in puny_decode.c in libidn
- From: "dilfridge at gentoo dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 04 Oct 2017 11:13:25 +0000
- Subject: [Bug libc/22247] New: CVE-2017-14062 : Integer overflow in the decode_digit function in puny_decode.c in libidn
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=22247
Bug ID: 22247
Summary: CVE-2017-14062 : Integer overflow in the decode_digit
function in puny_decode.c in libidn
Product: glibc
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: dilfridge at gentoo dot org
CC: drepper.fsp at gmail dot com
Target Milestone: ---
In bug Gentoo-629466 [1] Jeroen Roovers found that glibc is vulnerable to the
same CVE-2017-14062 [2] as libidn is; see also bug Gentoo-632556 [3].
"Integer overflow in the decode_digit function in puny_decode.c in Libidn2
before 2.0.4 allows remote attackers to cause a denial of service or possibly
have unspecified other impact."
The backport to libidn-1, which should also apply to the glibc code, can be
found here [4].
[1] https://bugs.gentoo.org/show_bug.cgi?id=629466
[2] https://nvd.nist.gov/vuln/detail/CVE-2017-14062
[3] https://bugs.gentoo.org/632556
[4] https://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commitdiff;h=e9e81b8063b095b02cf104bb992fa9bf9515b9d8
--
You are receiving this mail because:
You are on the CC list for the bug.