PublicDateAtUSN: 2015-12-31
Candidate: CVE-2015-8948
PublicDate: 2016-09-07 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948
 https://marc.info/?l=oss-security&m=146910769415616&w=2
 https://ubuntu.com/security/notices/USN-3068-1
Description:
 idn in GNU libidn before 1.33 might allow remote attackers to obtain
 sensitive memory information by reading a zero byte as input, which
 triggers an out-of-bounds read.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Hanno Böck
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_libidn:
 upstream: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
upstream_libidn: released (1.33-1)
precise_libidn: released (1.23-2ubuntu0.1)
precise/esm_libidn: released (1.23-2ubuntu0.1)
trusty_libidn: released (1.28-1ubuntu2.1)
trusty/esm_libidn: released (1.28-1ubuntu2.1)
vivid/stable-phone-overlay_libidn: ignored (reached end-of-life)
vivid/ubuntu-core_libidn: released (1.28-1ubuntu2.15.04.1)
wily_libidn: ignored (reached end-of-life)
xenial_libidn: released (1.32-3ubuntu1.1)
esm-infra/xenial_libidn: released (1.32-3ubuntu1.1)
yakkety_libidn: not-affected (1.33-1)
zesty_libidn: not-affected (1.33-1)
devel_libidn: not-affected (1.33-1)