CVE-2015-2059

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

Published: Aug 12, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-2059
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
gnu / libidn	-	1.30.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x
fedoraproject / fedora	22	22.x
fedoraproject / fedora	21	21.x

http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
http://www.debian.org/security/2016/dsa-3578
http://www.openwall.com/lists/oss-security/2015/02/23/25
http://www.securityfocus.com/bid/72736
http://www.ubuntu.com/usn/USN-3068-1
https://github.com/jabberd2/jabberd2/issues/85

Vulnerability Database

289,871

CVE-2015-2059