CVE-2017-14061

Name	CVE-2017-14061
Description	Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	873904

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libidn (PTS)	jessie, jessie (lts)	1.29-1+deb8u3	fixed
	stretch	1.33-1+deb9u1	fixed
	buster	1.33-2.2	fixed
	bullseye	1.33-3	fixed
	bookworm	1.41-1	fixed
	sid, trixie	1.42-2	fixed
libidn2-0 (PTS)	jessie, jessie (lts)	0.10-2+deb8u1	fixed
	stretch (security), stretch (lts), stretch	0.16-1+deb9u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
libidn	source	(unstable)	(not affected)
libidn2-0	source	wheezy	(not affected)
libidn2-0	source	jessie	(not affected)
libidn2-0	source	stretch	(not affected)
libidn2-0	source	(unstable)	2.0.2-4	873904

Notes

[stretch] - libidn2-0 <not-affected> (Vulnerable code not present)
[jessie] - libidn2-0 <not-affected> (Vulnerable code not present)
[wheezy] - libidn2-0 <not-affected> (Vulnerable code not present)
- libidn <not-affected> (Vulnerable code not present)
https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305