Simon Josefsson

7 exploits Active since Aug 2017
CVE-2017-14061 WRITEUP CRITICAL WRITEUP
Libidn2 <2.0.4 - DoS
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVSS 9.8
CVE-2017-14062 WRITEUP CRITICAL WRITEUP
Libidn2 <2.0.4 - DoS
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVSS 9.8
CVE-2019-12290 WRITEUP HIGH STUB
GNU libidn2 <2.2.0 - SSRF
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
CVSS 7.5
CVE-2021-46848 WRITEUP CRITICAL WRITEUP
GNU Libtasn1 <4.19.0 - Buffer Overflow
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
CVSS 9.1
CVE-2022-2469 WRITEUP LOW WRITEUP
Gnu Sasl < 2.0.1 - Out-of-Bounds Read
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
CVSS 3.8
CVE-2022-2469 WRITEUP LOW WRITEUP
Gnu Sasl < 2.0.1 - Out-of-Bounds Read
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
CVSS 3.8
CVE-2024-47191 WRITEUP HIGH WRITEUP
oath-toolkit <2.6.12 - Privilege Escalation
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
CVSS 7.1