Created attachment 9039 [details]
libidn's stringprep_utf8_nfkc_normalize function may read out of bounds if an invalid utf-8 string gets passed. glibc bundles libidn.
This has been fixed upstream here:
Attached is a sample input that can be triggered with idn -n.
Found with american fuzzy lop.
*** Bug 22334 has been marked as a duplicate of this bug. ***
*** Bug 22333 has been marked as a duplicate of this bug. ***