{"id":"CVE-2019-18224","details":"idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.","modified":"2026-04-16T04:31:38.365558504Z","published":"2019-10-21T17:15:09.930Z","related":["CGA-wpxp-666f-225w","SUSE-SU-2019:3086-1","openSUSE-SU-2019:2611-1","openSUSE-SU-2019:2613-1","openSUSE-SU-2024:10950-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/4168-1/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/"},{"type":"WEB","url":"https://seclists.org/bugtraq/2020/Feb/4"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-63"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4613"},{"type":"ADVISORY","url":"https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420"},{"type":"FIX","url":"https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libidn/libidn2","events":[{"introduced":"0"},{"fixed":"5c5d7ae143e06c31a6ba3f8eeaef7a3ec943ba55"},{"fixed":"e4d1558aa2c1c04a05066ee8600f37603890ba8c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.1"}]}}],"versions":["libidn2-0.10","libidn2-0.11","libidn2-0.12","libidn2-0.13","libidn2-0.14","libidn2-0.15","libidn2-0.16","libidn2-0.3","libidn2-0.4","libidn2-0.5","libidn2-0.6","libidn2-0.7","libidn2-0.8","libidn2-0.9","libidn2-2.0.0","libidn2-2.0.1","libidn2-2.0.2","libidn2-2.0.3","libidn2-2.0.4","libidn2-2.0.5","libidn2-2.1.0"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c","target":{"file":"lib/lookup.c","function":"idn2_to_ascii_4i"},"signature_version":"v1","signature_type":"Function","id":"CVE-2019-18224-d1b63e78","deprecated":false,"digest":{"function_hash":"214985951242038317322025943762415417586","length":701}},{"source":"https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c","target":{"file":"lib/lookup.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2019-18224-e627a1e0","deprecated":false,"digest":{"line_hashes":["218593188083772802622278516276379885292","75544740509718557889899472802812714157","88559900838356515207564908305722819563","162592913917631513379925092713417473222","97451075533321452369957433137531049196","287318457797403020141752624756010271903"],"threshold":0.9}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18224.json","vanir_signatures_modified":"2026-04-11T09:39:39Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}