The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
2015-08-12T14:59:09.213
2025-04-12T10:46:40.837
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gnu | libidn | ≤ 1.30 | Yes |
Operating System | opensuse | opensuse | 13.1 | Yes |
Operating System | opensuse | opensuse | 13.2 | Yes |
Operating System | fedoraproject | fedora | 21 | Yes |
Operating System | fedoraproject | fedora | 22 | Yes |