The stringpreputf8nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libidn11": "1.28-1ubuntu2.1", "idn-dbgsym": "1.28-1ubuntu2.1", "libidn11-java": "1.28-1ubuntu2.1", "idn": "1.28-1ubuntu2.1", "libidn11-dbgsym": "1.28-1ubuntu2.1", "libidn11-dev": "1.28-1ubuntu2.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libidn11": "1.32-3ubuntu1.1", "idn-dbgsym": "1.32-3ubuntu1.1", "libidn11-java": "1.32-3ubuntu1.1", "idn": "1.32-3ubuntu1.1", "libidn11-dbgsym": "1.32-3ubuntu1.1", "libidn11-dev": "1.32-3ubuntu1.1" } ] }