Out-of-bounds Write Affecting libidn package, versions [0,]


Severity

Recommended
0.0
critical
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
3.71% (89th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Out-of-bounds Write vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CONAN-LIBIDN-10076612
  • published8 May 2025
  • disclosed21 Oct 2019
  • creditUnknown

Introduced: 21 Oct 2019

CVE-2019-18224  (opens in a new tab)
CWE-787  (opens in a new tab)

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

CVSS Base Scores

version 3.1