{"id":"CVE-2017-14062","details":"Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.","modified":"2026-04-11T04:47:40.614435Z","published":"2017-08-31T16:29:00.270Z","related":["MGASA-2017-0365","SUSE-SU-2018:0878-1","SUSE-SU-2018:0903-1","openSUSE-SU-2024:10949-1"],"references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3988"},{"type":"ADVISORY","url":"https://gitlab.com/libidn/libidn2/blob/master/NEWS"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html"},{"type":"FIX","url":"https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/libidn/libidn2","events":[{"introduced":"0"},{"fixed":"3c59e74d054ec407b09c2df81877fcfd7411c187"},{"fixed":"3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.4"}]}}],"versions":["libidn2-0.10","libidn2-0.11","libidn2-0.12","libidn2-0.13","libidn2-0.14","libidn2-0.15","libidn2-0.16","libidn2-0.3","libidn2-0.4","libidn2-0.5","libidn2-0.6","libidn2-0.7","libidn2-0.8","libidn2-0.9","libidn2-2.0.0","libidn2-2.0.1","libidn2-2.0.2","libidn2-2.0.3"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Function","source":"https://gitlab.com/libidn/libidn2@3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd","signature_version":"v1","target":{"function":"decode_digit","file":"lib/puny_decode.c"},"id":"CVE-2017-14062-194d3fc3","digest":{"length":148,"function_hash":"313882673285016518128630165626723743907"}},{"deprecated":false,"signature_type":"Line","source":"https://gitlab.com/libidn/libidn2@3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd","signature_version":"v1","target":{"file":"lib/puny_decode.c"},"id":"CVE-2017-14062-1d28844e","digest":{"threshold":0.9,"line_hashes":["43904967590308749126868750972375720094","18784458650069066797871328945181615331","172304325264056262429336589102177325122","155990908113113352355167740056706910841","264332720225271700911696988311842247249","185260318738334673316606558567720620866","8726986100073362512337504510611391869"]}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14062.json","vanir_signatures_modified":"2026-04-11T04:47:40Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}