CVE-2019-18224

Public on 2019-10-21

Modified on 2019-12-19

Description

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

Severity

Medium

CVSS v3 Base Score

5.6

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	libidn2	2019-12-13	ALAS-2019-1327	Fixed
Amazon Linux 2 - Core	libidn2	2019-12-13	ALAS2-2019-1373	Fixed