CVE-2026-57053
MediumCVSS 4.0Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
GNU libidn before version 1.44 is vulnerable to out-of-bounds reads of uninitialized memory in the ToUnicode APIs due to mishandling in the idna_to_unicode_internal function. The vulnerable code is not present in libidn2.
Risk Assessment
An attacker could exploit this vulnerability to access sensitive data in memory or cause a crash in applications using libidn, potentially leading to information disclosure or denial of service.
Recommendation
Immediately update GNU libidn to version 1.44 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

