ALAS2-2019-1373

Affecting libidn2 package, versions <2.3.0-1.amzn2

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2019-18224: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. 1764780: CVE-2019-18224 libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c CVE-2019-12290: 99999:

References

CVE
ALAS2-2019-1373
Snyk ID
SNYK-AMZN2-LIBIDN2-538049
Published
18 Dec, 2019