Base Score

CRITICAL9.8

CVE-2017-14062

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

VectorNETWORK

Published Bycve@mitre.org

Published DateAug 31, 2017, 16:29

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://www.debian.org/security/2017/dsa-3988
https://gitlab.com/libidn/libidn2/blob/master/NEWS
https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd
https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH