PT-2019-4767 · Gnu+4 · Libidn2+4

Publicado

2019-05-23

Atualizado

2019-12-31

CVE-2019-12290

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions GNU libidn2 versions prior to 2.2.0

Description The issue exists due to insufficient input validation in the RFC3490 component of the Libidn2 library. This can be exploited by a remote attacker to create a malicious domain that impersonates a target domain. By creating a domain that matches the target except for certain Unicode characters encoded in punycode, an attacker can impersonate arbitrary domains.

Recommendations For GNU libidn2 versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of punycode conversions to minimize the risk of domain impersonation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2019-1902

ALT-PU-2019-1908

BDU:2020-01339

CVE-2019-12290

MGASA-2019-0416

OPENSUSE-SU-2019:2611-1

OPENSUSE-SU-2019:2613-1

OPENSUSE-SU-2019_2611-1

OPENSUSE-SU-2019_2613-1

OPENSUSE-SU-2024:10950-1

SUSE-SU-2019:3086-1

SUSE-SU-2019_3086-1

USN-4168-1

Produtos afetados

Alt Linux

Astra Linux

Suse

Ubuntu

Libidn2

PT-2019-4767 · Gnu+4 · Libidn2+4

CVE-2019-12290

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 64