The stringpreputf8nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"last_affected": "1.32"
}
],
"source": "CPE_RANGE",
"vendor_product": "gnu:libidn",
"cpes": [
"cpe:2.3:a:gnu:libidn:*:*:*:*:*:*:*:*"
]
},
{
"source": "DESCRIPTION",
"extracted_events": [
{
"fixed": "1.33"
}
]
}
]
}