[Secure-testing-team] Bug#873902: libidn2-0: CVE-2017-14062: integer overflow in decode_digit
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 1 04:52:53 UTC 2017
Source: libidn2-0
Version: 0.10-2
Severity: important
Tags: upstream security patch
Hi,
the following vulnerability was published for libidn2-0.
CVE-2017-14062[0]:
| Integer overflow in the decode_digit function in puny_decode.c in
| Libidn2 before 2.0.4 allows remote attackers to cause a denial of
| service or possibly have unspecified other impact.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062
[1] https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd
Regards,
Salvatore
More information about the Secure-testing-team
mailing list