Bug 22333 - out of bounds stack read in libidn (CVE-2016-6261) unpatched in libc
Summary: out of bounds stack read in libidn (CVE-2016-6261) unpatched in libc
Status: RESOLVED DUPLICATE of bug 19728
Alias: None
Product: glibc
Classification: Unclassified
Component: network (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-21 18:06 UTC by Andreas K. Huettel
Modified: 2018-03-31 12:44 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas K. Huettel 2017-10-21 18:06:01 UTC
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

CVE:
https://nvd.nist.gov/vuln/detail/CVE-2016-6261

libidn upstream fix:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d

The patch applies cleanly.
Comment 1 Andreas K. Huettel 2017-10-31 22:35:02 UTC
> 
> The patch applies cleanly.

(but unfortunately requires unrelated code that is not in glibc)
Comment 2 Florian Weimer 2018-01-10 18:35:43 UTC
Already reported as bug 19728.

*** This bug has been marked as a duplicate of bug 19728 ***
Comment 3 Florian Weimer 2018-01-10 18:36:44 UTC

*** This bug has been marked as a duplicate of bug 19729 ***
Comment 4 Florian Weimer 2018-01-10 18:39:41 UTC

*** This bug has been marked as a duplicate of bug 19728 ***