FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libidn -- out-of-bounds read issue with invalid UTF-8 input

Affected packages
libidn < 1.31

Details

VuXML ID 4caf01e2-30e6-11e5-a4a5-002590263bf5
Discovery 2015-02-09
Entry 2015-07-23
Modified 2015-08-03

Simon Josefsson reports:

stringprep_utf8_to_ucs4 now rejects invalid UTF-8. This function has always been documented to not validate that the input UTF-8 string is actually valid UTF-8...

[source]

References

CVE Name CVE-2015-2059
URL http://git.savannah.gnu.org/cgit/libidn.git/plain/NEWS?id=libidn-1-31

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.