CVE Catalog

CVE-2026-57053

MediumCVSS 4.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

GNU libidn before version 1.44 is vulnerable to out-of-bounds reads of uninitialized memory in the ToUnicode APIs due to mishandling in the idna_to_unicode_internal function. The vulnerable code is not present in libidn2.

Risk Assessment

An attacker could exploit this vulnerability to access sensitive data in memory or cause a crash in applications using libidn, potentially leading to information disclosure or denial of service.

Recommendation

Immediately update GNU libidn to version 1.44 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS