<p>Upgrade <code>libidn</code> to version 1.33 or higher.</p>

Out-of-bounds Read Affecting libidn package, versions <1.33

Snyk CVSS

Attack Complexity Low

Confidentiality High

Threat Intelligence

EPSS 0.29% (65^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-COCOAPODS-LIBIDN-470988
published 2 Oct 2019
disclosed 14 Jan 2016
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 14 Jan 2016

CVE-2016-6262 Open this link in a new tab CWE-125 Open this link in a new tab

How to fix?

Upgrade libidn to version 1.33 or higher.

Overview

libidn is an Encode/decode i18n domains using Stringprep, Punycode and IDNA.

Affected versions of this package are vulnerable to Out-of-bounds Read. It is susceptible to sensitive memory information leak which is possible when an attacker reads an input of zero byte.

References

Fix Commit
OpenSuse Security Update
Release Note
Ubuntu security notice