The idnatoascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "idn", "binary_version": "1.28-1ubuntu2.1" }, { "binary_name": "idn-dbgsym", "binary_version": "1.28-1ubuntu2.1" }, { "binary_name": "libidn11", "binary_version": "1.28-1ubuntu2.1" }, { "binary_name": "libidn11-dbgsym", "binary_version": "1.28-1ubuntu2.1" }, { "binary_name": "libidn11-dev", "binary_version": "1.28-1ubuntu2.1" }, { "binary_name": "libidn11-java", "binary_version": "1.28-1ubuntu2.1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "idn", "binary_version": "1.32-3ubuntu1.1" }, { "binary_name": "idn-dbgsym", "binary_version": "1.32-3ubuntu1.1" }, { "binary_name": "libidn11", "binary_version": "1.32-3ubuntu1.1" }, { "binary_name": "libidn11-dbgsym", "binary_version": "1.32-3ubuntu1.1" }, { "binary_name": "libidn11-dev", "binary_version": "1.32-3ubuntu1.1" }, { "binary_name": "libidn11-java", "binary_version": "1.32-3ubuntu1.1" } ] }