ID CVE-2016-6262
Summary idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
References
Vulnerable Configurations
  • GNU Libidn 1.32
    cpe:2.3:a:gnu:libidn:1.32
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 5.0 (as of 08-09-2016 - 10:17)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-610FE5F5F8.NASL
    description Security fix for CVE-2016-6263, CVE-2015-8948, CVE-2016-6262, CVE-2016-6261 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92800
    published 2016-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92800
    title Fedora 23 : libidn (2016-610fe5f5f8)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2079-1.NASL
    description This update for libidn fixes the following issues : - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93292
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93292
    title SUSE SLED12 / SLES12 Security Update : libidn (SUSE-SU-2016:2079-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-925.NASL
    description This libidn update to version 1.33 fixes the following issues : Security issues fixed : - CVE-2015-8948, CVE-2016-6262: Fixed an out-of-bounds-read when reading one zero byte as input (bsc#990189). - CVE-2016-6263: Fixed stringprep_utf8_nfkc_normalize to reject invalid UTF-8 (bsc#boo#990191). Included bugfixes : - Fixed crash in idna_to_unicode_8z8z and idna_to_unicode_8zlz (introduced in 1.31). - API and ABI is backwards compatible with the previous version. - Update gpg keyring
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 92743
    published 2016-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92743
    title openSUSE Security Update : libidn (openSUSE-2016-925)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2291-1.NASL
    description This update for libidn fixes the following issues : - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93459
    published 2016-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93459
    title SUSE SLES11 Security Update : libidn (SUSE-SU-2016:2291-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-42514BEE97.NASL
    description Security fix for CVE-2016-6263, CVE-2015-8948, CVE-2016-6262, CVE-2016-6261 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92529
    published 2016-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92529
    title Fedora 24 : libidn (2016-42514bee97)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CB5189EB572F11E6B334002590263BF5.NASL
    description Simon Josefsson reports : libidn: Fix out-of-bounds stack read in idna_to_ascii_4i. idn: Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. libidn: stringprep_utf8_nfkc_normalize reject invalid UTF-8. It was always documented to only accept UTF-8 data, but now it doesn't crash when presented with such data.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 92652
    published 2016-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92652
    title FreeBSD : libidn -- multiple vulnerabilities (cb5189eb-572f-11e6-b334-002590263bf5)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3068-1.NASL
    description Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-2059) Hanno Bock discovered that Libidn incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn to crash, resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262, CVE-2016-6261, CVE-2016-6263). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 93107
    published 2016-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93107
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : libidn vulnerabilities (USN-3068-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-F99C0A8B69.NASL
    description Update to 1.33 (#1374902,#1359147,#1359148) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-11-15
    plugin id 94888
    published 2016-11-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94888
    title Fedora 25 : mingw-libidn (2016-f99c0a8b69)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-210-01.NASL
    description New libidn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2016-10-19
    plugin id 92607
    published 2016-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92607
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libidn (SSA:2016-210-01)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1014.NASL
    description This update for libidn fixes the following issues : - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93092
    published 2016-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93092
    title openSUSE Security Update : libidn (openSUSE-2016-1014)
refmap via4
bid 92070
confirm http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
mlist
  • [help-libidn] 20160720 Libidn 1.33 released
  • [oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33
  • [oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33
suse
  • openSUSE-SU-2016:1924
  • openSUSE-SU-2016:2135
ubuntu USN-3068-1
Last major update 08-09-2016 - 10:42
Published 07-09-2016 - 16:59
Last modified 30-10-2018 - 12:27
Back to Top