{"schema_version":"1.7.2","id":"OESA-2026-2934","modified":"2026-07-09T12:53:19Z","published":"2026-07-09T12:53:19Z","upstream":["CVE-2026-57053"],"summary":"libidn security update","details":"GNU Libidn is a fully documented implementation of the Stringprep, Punycode and IDNA 2003 specifications. Libidn&amp;apos;s purpose is to encode and decode internationalized domain names.\r\n\r\nSecurity Fix(es):\n\nGNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.(CVE-2026-57053)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"libidn","purl":"pkg:rpm/openEuler/libidn&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.36-4.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["libidn-1.36-4.oe2003sp4.aarch64.rpm","libidn-debuginfo-1.36-4.oe2003sp4.aarch64.rpm","libidn-debugsource-1.36-4.oe2003sp4.aarch64.rpm","libidn-devel-1.36-4.oe2003sp4.aarch64.rpm"],"noarch":["libidn-help-1.36-4.oe2003sp4.noarch.rpm"],"src":["libidn-1.36-4.oe2003sp4.src.rpm"],"x86_64":["libidn-1.36-4.oe2003sp4.x86_64.rpm","libidn-debuginfo-1.36-4.oe2003sp4.x86_64.rpm","libidn-debugsource-1.36-4.oe2003sp4.x86_64.rpm","libidn-devel-1.36-4.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2934"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57053"}],"database_specific":{"severity":"Medium"}}
