[Bug network/22334] New: denial of service (out-of-bounds read and crash) via crafted UTF-8 data (CVE-2016-6263)
dilfridge at gentoo dot org
sourceware-bugzilla@sourceware.org
Sat Oct 21 18:27:00 GMT 2017
https://sourceware.org/bugzilla/show_bug.cgi?id=22334
Bug ID: 22334
Summary: denial of service (out-of-bounds read and crash) via
crafted UTF-8 data (CVE-2016-6263)
Product: glibc
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: dilfridge at gentoo dot org
Target Milestone: ---
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33
allows context-dependent attackers to cause a denial of service (out-of-bounds
read and crash) via crafted UTF-8 data.
This code is still present in its original form in glibc.
CVE:
https://nvd.nist.gov/vuln/detail/CVE-2016-6263
libidn upstream fix:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555
The relevant chunk applies cleanly.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Glibc-bugs
mailing list