Bug 19729 (CVE-2016-6263) - out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_normalize (CVE-2016-6263)
Summary: out of bounds heap read on invalid utf-8 inputs in stringprep_utf8_nfkc_norma...
Status: ASSIGNED
Alias: CVE-2016-6263
Product: glibc
Classification: Unclassified
Component: network (show other bugs)
Version: 2.23
: P2 normal
Target Milestone: ---
Assignee: Florian Weimer
URL:
Keywords:
: 22334 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-02-25 12:25 IST by Hanno Boeck
Modified: 2018-01-10 18:38 IST (History)
3 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
sample input. (9 bytes, application/octet-stream)
2016-02-25 12:25 IST, Hanno Boeck
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Boeck 2016-02-25 12:25:48 IST
Created attachment 9039 [details]
sample input.

libidn's stringprep_utf8_nfkc_normalize function may read out of bounds if an invalid utf-8 string gets passed. glibc bundles libidn.

This has been fixed upstream here:
http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=1fbee57ef3c72db2206dd87e4162108b2f425555

Attached is a sample input that can be triggered with idn -n.

Found with american fuzzy lop.
Comment 1 Florian Weimer 2018-01-10 18:36:08 IST
*** Bug 22334 has been marked as a duplicate of this bug. ***
Comment 2 Florian Weimer 2018-01-10 18:36:44 IST
*** Bug 22333 has been marked as a duplicate of this bug. ***