This is the mail archive of the
mailing list for the glibc project.
[Bug network/22333] New: out of bounds stack read in libidn (CVE-2016-6261) unpatched in libc
- From: "dilfridge at gentoo dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sat, 21 Oct 2017 18:06:01 +0000
- Subject: [Bug network/22333] New: out of bounds stack read in libidn (CVE-2016-6261) unpatched in libc
- Auto-submitted: auto-generated
Bug ID: 22333
Summary: out of bounds stack read in libidn (CVE-2016-6261)
unpatched in libc
Assignee: unassigned at sourceware dot org
Reporter: dilfridge at gentoo dot org
Target Milestone: ---
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows
context-dependent attackers to cause a denial of service (out-of-bounds read
and crash) via 64 bytes of input.
libidn upstream fix:
The patch applies cleanly.
You are receiving this mail because:
You are on the CC list for the bug.