{"id":"OESA-2026-2934","summary":"libidn security update","details":"GNU Libidn is a fully documented implementation of the Stringprep, Punycode and IDNA 2003 specifications. Libidn&amp;apos;s purpose is to encode and decode internationalized domain names.\r\n\r\nSecurity Fix(es):\n\nGNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.(CVE-2026-57053)","modified":"2026-07-14T08:15:08.362555168Z","published":"2026-07-09T12:53:19Z","upstream":["CVE-2026-57053"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2934"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57053"}],"affected":[{"package":{"name":"libidn","ecosystem":"openEuler:20.03-LTS-SP4","purl":"pkg:rpm/openEuler/libidn&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.36-4.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["libidn-1.36-4.oe2003sp4.aarch64.rpm","libidn-debuginfo-1.36-4.oe2003sp4.aarch64.rpm","libidn-debugsource-1.36-4.oe2003sp4.aarch64.rpm","libidn-devel-1.36-4.oe2003sp4.aarch64.rpm"],"noarch":["libidn-help-1.36-4.oe2003sp4.noarch.rpm"],"src":["libidn-1.36-4.oe2003sp4.src.rpm"],"x86_64":["libidn-1.36-4.oe2003sp4.x86_64.rpm","libidn-debuginfo-1.36-4.oe2003sp4.x86_64.rpm","libidn-debugsource-1.36-4.oe2003sp4.x86_64.rpm","libidn-devel-1.36-4.oe2003sp4.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2934.json"}}],"schema_version":"1.7.5"}