CVE-2026-57053

MEDIUM NVD

CVSS Score 4

Severity MEDIUM

Published Jun 23, 2026

Vendor unknown

Description

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

References

https://lists.gnu.org/archive/html/help-libidn/2026-05/msg00000.html
https://lists.gnu.org/archive/html/help-libidn/2026-06/msg00001.html