CVE-2015-2059

Published: 12 August 2015

The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

Priority

Low

Status

Package: libidn (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (1.32)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (1.32-3ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr): Released (1.28-1ubuntu2.1)

Patches:
Upstream: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c2796581c27213962c77f5a8571a598f9a2e
Upstream: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=58c721ac2dc96bccd737f3f544f3a22a50477bbf