CVE-2015-2059

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
gnulibidn
𝑥
≤ 1.30
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libidn
bullseye
1.33-3
fixed
bookworm
1.41-1
fixed
sid
1.42-2
fixed
trixie
1.42-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libidn
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
Fixed 1.28-1ubuntu2.1
released
precise
Fixed 1.23-2ubuntu0.1
released
lucid
ignored
Common Weakness Enumeration
References
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
http://www.debian.org/security/2016/dsa-3578
http://www.openwall.com/lists/oss-security/2015/02/23/25
http://www.securityfocus.com/bid/72736
http://www.ubuntu.com/usn/USN-3068-1
https://github.com/jabberd2/jabberd2/issues/85
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
http://www.debian.org/security/2016/dsa-3578
http://www.openwall.com/lists/oss-security/2015/02/23/25
http://www.securityfocus.com/bid/72736
http://www.ubuntu.com/usn/USN-3068-1
https://github.com/jabberd2/jabberd2/issues/85