{"schema_version":"1.7.2","id":"OESA-2026-2932","modified":"2026-07-09T12:53:15Z","published":"2026-07-09T12:53:15Z","upstream":["CVE-2026-57053"],"summary":"libidn security update","details":"GNU Libidn is a fully documented implementation of the Stringprep, Punycode and IDNA 2003 specifications. Libidn&amp;apos;s purpose is to encode and decode internationalized domain names.\r\n\r\nSecurity Fix(es):\n\nGNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.(CVE-2026-57053)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"libidn","purl":"pkg:rpm/openEuler/libidn&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.41-2.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["libidn-1.41-2.oe2403sp1.aarch64.rpm","libidn-debuginfo-1.41-2.oe2403sp1.aarch64.rpm","libidn-debugsource-1.41-2.oe2403sp1.aarch64.rpm","libidn-devel-1.41-2.oe2403sp1.aarch64.rpm"],"noarch":["libidn-help-1.41-2.oe2403sp1.noarch.rpm"],"src":["libidn-1.41-2.oe2403sp1.src.rpm"],"x86_64":["libidn-1.41-2.oe2403sp1.x86_64.rpm","libidn-debuginfo-1.41-2.oe2403sp1.x86_64.rpm","libidn-debugsource-1.41-2.oe2403sp1.x86_64.rpm","libidn-devel-1.41-2.oe2403sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2932"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57053"}],"database_specific":{"severity":"Medium"}}
