GNU libidn <1.44 OOB Read in ToUnicode API
CVE-2026-57053 Published on June 23, 2026
GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.
Vulnerability Analysis
CVE-2026-57053 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality, integrity, or availability.
Weakness Type
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Products Associated with CVE-2026-57053
Affected Versions
GNU libidn: versions before 1.44 are affected.