GNU libidn up to 1.32 lib/nfkc.c stringprep_utf8_nfkc_normalize out-of-bounds

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.3 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in GNU libidn up to 1.32. This affects the function stringprep_utf8_nfkc_normalize in the library lib/nfkc.c. This manipulation causes out-of-bounds.
This vulnerability appears as CVE-2016-6263. The attack may be initiated remotely. There is no available exploit.
It is recommended to upgrade the affected component.
Details
A vulnerability has been found in GNU libidn up to 1.32 and classified as critical. Affected by this vulnerability is the function stringprep_utf8_nfkc_normalize in the library lib/nfkc.c. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect availability. The summary by CVE is:
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
The weakness was presented 09/07/2016 by Hanno Boeck (Website). It is possible to read the advisory at git.savannah.gnu.org. This vulnerability is known as CVE-2016-6263 since 07/21/2016. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 93292 (SUSE SLED12 / SLES12 Security Update : libidn (SUSE-SU-2016:2079-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 169072 (SUSE Enterprise Linux Security Update for libidn (SUSE-SU-2016:2079-1)).
Upgrading to version 1.33 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (93292) and SecurityFocus (BID 92070†). See VDB-91349, VDB-91361 and VDB-91362 for similar entries. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
- 1.0
- 1.1
- 1.2
- 1.3
- 1.4
- 1.5
- 1.6
- 1.7
- 1.8
- 1.9
- 1.10
- 1.11
- 1.12
- 1.13
- 1.14
- 1.15
- 1.16
- 1.17
- 1.18
- 1.19
- 1.20
- 1.21
- 1.22
- 1.23
- 1.24
- 1.25
- 1.26
- 1.27
- 1.28
- 1.29
- 1.30
- 1.31
- 1.32
License
Website
- Vendor: https://www.gnu.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.3
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Out-of-boundsCWE: CWE-125 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 93292
Nessus Name: SUSE SLED12 / SLES12 Security Update : libidn (SUSE-SU-2016:2079-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 866468
OpenVAS Name: Ubuntu Update for libidn USN-3068-1
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: libidn 1.33
Patch: git.savannah.gnu.org
Timeline
07/20/2016 🔍07/21/2016 🔍
08/16/2016 🔍
09/02/2016 🔍
09/07/2016 🔍
09/07/2016 🔍
09/08/2016 🔍
09/15/2022 🔍
Sources
Vendor: gnu.orgAdvisory: USN-3068-1
Researcher: Hanno Boeck
Status: Not defined
Confirmation: 🔍
CVE: CVE-2016-6263 (🔍)
GCVE (CVE): GCVE-0-2016-6263
GCVE (VulDB): GCVE-100-91363
OVAL: 🔍
SecurityFocus: 92070 - GNU Libidn Multiple Remote Security Vulnerabilities
See also: 🔍
Entry
Created: 09/08/2016 21:58Updated: 09/15/2022 08:58
Changes: 09/08/2016 21:58 (66), 04/12/2019 06:00 (14), 09/15/2022 08:58 (5)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.