FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libidn -- multiple vulnerabilities

Affected packages
libidn < 1.33


VuXML ID cb5189eb-572f-11e6-b334-002590263bf5
Discovery 2016-07-20
Entry 2016-07-31

Simon Josefsson reports:

libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.

idn: Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline.

libidn: stringprep_utf8_nfkc_normalize reject invalid UTF-8. It was always documented to only accept UTF-8 data, but now it doesn't crash when presented with such data.


CVE Name CVE-2015-8948
CVE Name CVE-2016-6261
CVE Name CVE-2016-6262
CVE Name CVE-2016-6263