This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug network/22333] New: out of bounds stack read in libidn (CVE-2016-6261) unpatched in libc

From: "dilfridge at gentoo dot org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Sat, 21 Oct 2017 18:06:01 +0000
Subject: [Bug network/22333] New: out of bounds stack read in libidn (CVE-2016-6261) unpatched in libc
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=22333

            Bug ID: 22333
           Summary: out of bounds stack read in libidn (CVE-2016-6261)
                    unpatched in libc
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: dilfridge at gentoo dot org
  Target Milestone: ---

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows
context-dependent attackers to cause a denial of service (out-of-bounds read
and crash) via 64 bytes of input.

CVE:
https://nvd.nist.gov/vuln/detail/CVE-2016-6261

libidn upstream fix:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d

The patch applies cleanly.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Follow-Ups:
- [Bug network/22333] out of bounds stack read in libidn (CVE-2016-6261) unpatched in libc
  - From: dilfridge at gentoo dot org
- [Bug network/22333] out of bounds stack read in libidn (CVE-2016-6261) unpatched in libc
  - From: dilfridge at gentoo dot org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]