idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

According to the versions of the libidn package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - idn in GNU libidn before 1.33 might allow remote     attackers to obtain sensitive memory information by     reading a zero byte as input, which triggers an     out-of-bounds read.(CVE-2015-8948)

  - The idna_to_ascii_4i function in lib/idna.c in libidn     before 1.33 allows context-dependent attackers to cause     a denial of service (out-of-bounds read and crash) via     64 bytes of input.(CVE-2016-6261)

  - idn in libidn before 1.33 might allow remote attackers     to obtain sensitive memory information by reading a     zero byte as input, which triggers an out-of-bounds     read, a different vulnerability than     CVE-2015-8948.(CVE-2016-6262)

  - The stringprep_utf8_nfkc_normalize function in     lib/nfkc.c in libidn before 1.33 allows     context-dependent attackers to cause a denial of     service (out-of-bounds read and crash) via crafted     UTF-8 data.(CVE-2016-6263)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libidn package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - idn in GNU libidn before 1.33 might allow remote     attackers to obtain sensitive memory information by     reading a zero byte as input, which triggers an     out-of-bounds read.(CVE-2015-8948)

  - idn in libidn before 1.33 might allow remote attackers     to obtain sensitive memory information by reading a     zero byte as input, which triggers an out-of-bounds     read, a different vulnerability than     CVE-2015-8948.(CVE-2016-6262)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libidn package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - idn in libidn before 1.33 might allow remote attackers     to obtain sensitive memory information by reading a     zero byte as input, which triggers an out-of-bounds     read, a different vulnerability than     CVE-2015-8948.(CVE-2016-6262)

  - idn in GNU libidn before 1.33 might allow remote     attackers to obtain sensitive memory information by     reading a zero byte as input, which triggers an     out-of-bounds read.(CVE-2015-8948)

  - The stringprep_utf8_nfkc_normalize function in     lib/nfkc.c in libidn before 1.33 allows     context-dependent attackers to cause a denial of     service (out-of-bounds read and crash) via crafted     UTF-8 data.(CVE-2016-6263)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libidn package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The stringprep_utf8_nfkc_normalize function in     lib/nfkc.c in libidn before 1.33 allows     context-dependent attackers to cause a denial of     service (out-of-bounds read and crash) via crafted     UTF-8 data.(CVE-2016-6263)

  - idn in libidn before 1.33 might allow remote attackers     to obtain sensitive memory information by reading a     zero byte as input, which triggers an out-of-bounds     read, a different vulnerability than     CVE-2015-8948.(CVE-2016-6262)

  - The idna_to_ascii_4i function in lib/idna.c in libidn     before 1.33 allows context-dependent attackers to cause     a denial of service (out-of-bounds read and crash) via     64 bytes of input.(CVE-2016-6261)

  - idn in GNU libidn before 1.33 might allow remote     attackers to obtain sensitive memory information by     reading a zero byte as input, which triggers an     out-of-bounds read.(CVE-2015-8948)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to 1.33 (#1374902,#1359147,#1359148)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libidn fixes the following issues :

  - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when     reading one zero byte as input (bsc#990189)

  - CVE-2016-6261: Out-of-bounds stack read in     idna_to_ascii_4i (bsc#990190)

  - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject     invalid UTF-8 (bsc#990191)

  - CVE-2015-2059: out-of-bounds read with stringprep on     invalid UTF-8 (bsc#923241)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Hanno Boeck discovered multiple vulnerabilities in libidn, the GNU library for Internationalized Domain Names (IDNs), allowing a remote attacker to cause a denial of service against an application using the libidn library (application crash).

Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-2059)

Hanno Bock discovered that Libidn incorrectly handled certain input.
A remote attacker could possibly use this issue to cause Libidn to crash, resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262, CVE-2016-6261, CVE-2016-6263).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libidn fixes the following issues :

  - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when     reading one zero byte as input (bsc#990189)

  - CVE-2016-6261: Out-of-bounds stack read in     idna_to_ascii_4i (bsc#990190) 

  - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject     invalid UTF-8 (bsc#990191)

  - CVE-2015-2059: out-of-bounds read with stringprep on     invalid UTF-8 (bsc#923241) 

This update was imported from the SUSE:SLE-12:Update update project.

Security fix for CVE-2016-6263, CVE-2015-8948, CVE-2016-6262, CVE-2016-6261

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This libidn update to version 1.33 fixes the following issues :

Security issues fixed :

  - CVE-2015-8948, CVE-2016-6262: Fixed an     out-of-bounds-read when reading one zero byte as input     (bsc#990189).

  - CVE-2016-6263: Fixed stringprep_utf8_nfkc_normalize to     reject invalid UTF-8 (bsc#boo#990191).

Included bugfixes :

  - Fixed crash in idna_to_unicode_8z8z and     idna_to_unicode_8zlz (introduced in 1.31).

  - API and ABI is backwards compatible with the previous     version.

  - Update gpg keyring

Multiple vulnerabilities have been discovered in libidn. The Common Vulnerabilities and Exposures project identifies the following problems :

CVE-2015-8948

When idn is reading one zero byte as input an out-of-bounds-read occurred.

CVE-2016-6261

An out-of-bounds stack read is exploitable in idna_to_ascii_4i.

CVE-2016-6263

stringprep_utf8_nfkc_normalize reject invalid UTF-8, causes a crash.

For Debian 7 'Wheezy', these problems have been fixed in version 1.25-2+deb7u2.

We recommend that you upgrade your libidn packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Simon Josefsson reports :

libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.

idn: Solve out-of-bounds-read when reading one zero byte as input.
Also replaced fgets with getline.

libidn: stringprep_utf8_nfkc_normalize reject invalid UTF-8. It was always documented to only accept UTF-8 data, but now it doesn't crash when presented with such data.

New libidn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

ID	Name	Product	Family	Severity
134554	EulerOS Virtualization for ARM 64 3.0.2.0 : libidn (EulerOS-SA-2020-1265)	Nessus	Huawei Local Security Checks	high
132143	EulerOS 2.0 SP3 : libidn (EulerOS-SA-2019-2608)	Nessus	Huawei Local Security Checks	high
131884	EulerOS 2.0 SP2 : libidn (EulerOS-SA-2019-2392)	Nessus	Huawei Local Security Checks	high
130668	EulerOS 2.0 SP5 : libidn (EulerOS-SA-2019-2206)	Nessus	Huawei Local Security Checks	high
94888	Fedora 25 : mingw-libidn (2016-f99c0a8b69)	Nessus	Fedora Local Security Checks	high
93459	SUSE SLES11 Security Update : libidn (SUSE-SU-2016:2291-1)	Nessus	SuSE Local Security Checks	high
93292	SUSE SLED12 / SLES12 Security Update : libidn (SUSE-SU-2016:2079-1)	Nessus	SuSE Local Security Checks	high
93254	Debian DSA-3658-1 : libidn - security update	Nessus	Debian Local Security Checks	high
93107	Ubuntu 14.04 LTS / 16.04 LTS : Libidn vulnerabilities (USN-3068-1)	Nessus	Ubuntu Local Security Checks	high
93092	openSUSE Security Update : libidn (openSUSE-2016-1014)	Nessus	SuSE Local Security Checks	high
92800	Fedora 23 : libidn (2016-610fe5f5f8)	Nessus	Fedora Local Security Checks	high
92743	openSUSE Security Update : libidn (openSUSE-2016-925)	Nessus	SuSE Local Security Checks	high
92683	Debian DLA-582-1 : libidn security update	Nessus	Debian Local Security Checks	high
92652	FreeBSD : libidn -- multiple vulnerabilities (cb5189eb-572f-11e6-b334-002590263bf5)	Nessus	FreeBSD Local Security Checks	high
92607	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libidn (SSA:2016-210-01)	Nessus	Slackware Local Security Checks	high
92529	Fedora 24 : libidn (2016-42514bee97)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2015-8948

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high