libidn/libidn2

libidn/libidn2

Releases32

Frequency5 months 1 week

Last Release over 1 year ago

Stars11

Libidn2 is a free software implementation of IDNA2008, Punycode and Unicode TR46 - https://www.gnu.org/s/libidn/#libidn2

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-12290 ↗	Oct 22, 2019Tuesday, 22 October 2019, 16:15	7.5 HIGH	5 MEDIUM
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
CVE-2017-14061 ↗	Aug 31, 2017Thursday, 31 August 2017, 16:29	—	7.5 HIGH
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2017-14062 ↗	Aug 31, 2017Thursday, 31 August 2017, 16:29	9.8 CRITICAL	7.5 HIGH
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.