Your submission was sent successfully! Close

CVE-2017-14062

Published: 31 August 2017

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

From the Ubuntu security team

USN-3421-1 fixed a vulnerability in Libidn2. This update provides the corresponding update for Ubuntu 14.04 ESM.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
libidn
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Not vulnerable
(1.33-2)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.33-2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.33-2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.33-2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.32-3ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.28-1ubuntu2.2)
libidn2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Not vulnerable
(fixed already)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(fixed already)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(fixed already)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(fixed already)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

libidn2-0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (0.9-1ubuntu0.1~esm1)