Bug 22333

Summary: out of bounds stack read in libidn (CVE-2016-6261) unpatched in libc
Product: glibc Reporter: Andreas K. Huettel <dilfridge>
Component: network Assignee: Not yet assigned to anyone <unassigned>
Status: RESOLVED DUPLICATE    
Severity: normal CC: fweimer, jeremip11
Priority: P2 Flags: fweimer: security-
Version: unspecified   
Target Milestone: ---   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=635010
Host: Target:
Build: Last reconfirmed:

Description Andreas K. Huettel 2017-10-21 18:06:01 UTC
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

CVE:
https://nvd.nist.gov/vuln/detail/CVE-2016-6261

libidn upstream fix:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d

The patch applies cleanly.
Comment 1 Andreas K. Huettel 2017-10-31 22:35:02 UTC
> 
> The patch applies cleanly.

(but unfortunately requires unrelated code that is not in glibc)
Comment 2 Florian Weimer 2018-01-10 18:35:43 UTC
Already reported as bug 19728.

*** This bug has been marked as a duplicate of bug 19728 ***
Comment 3 Florian Weimer 2018-01-10 18:36:44 UTC

*** This bug has been marked as a duplicate of bug 19729 ***
Comment 4 Florian Weimer 2018-01-10 18:39:41 UTC

*** This bug has been marked as a duplicate of bug 19728 ***