19729 – (CVE-2016-6263) out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize (CVE-2016-6263)

Bug 19729 (CVE-2016-6263) - out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize (CVE-2016-6263)

Summary: out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_norma...

Status:	ASSIGNED

Alias:	CVE-2016-6263

Product:	glibc
Classification:	Unclassified
Component:	network (show other bugs)
Version:	2.23

Importance:	P2 normal
Target Milestone:	---
Assignee:	Florian Weimer

URL:
Keywords:

Duplicates (1):	22334 (view as bug list)
Depends on:
Blocks:

Reported:	2016-02-25 12:25 IST by Hanno Boeck
Modified:	2018-01-10 18:38 IST (History)
CC List:	3 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
sample input. (9 bytes, application/octet-stream) 2016-02-25 12:25 IST, Hanno Boeck	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Boeck 2016-02-25 12:25:48 IST

Created attachment 9039 [details]
sample input.

libidn's stringprep_utf8_nfkc_normalize function may read out of bounds if an invalid utf-8 string gets passed. glibc bundles libidn.

This has been fixed upstream here:
http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=1fbee57ef3c72db2206dd87e4162108b2f425555

Attached is a sample input that can be triggered with idn -n.

Found with american fuzzy lop.

Comment 1 Florian Weimer 2018-01-10 18:36:08 IST

*** Bug 22334 has been marked as a duplicate of this bug. ***

Comment 2 Florian Weimer 2018-01-10 18:36:44 IST

*** Bug 22333 has been marked as a duplicate of this bug. ***