CVE-2026-57053
Publication date 23 June 2026
Last updated 9 July 2026
Ubuntu priority
Cvss 3 Severity Score
Description
GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libidn | 26.04 LTS resolute |
Fixed 1.43-2ubuntu0.26.04.1
|
| 24.04 LTS noble |
Fixed 1.42-1ubuntu0.1
|
|
| 22.04 LTS jammy |
Fixed 1.38-4ubuntu1.1
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Severity score breakdown
CVSS version: CVSS v3.0
Base score
4.0 · Medium
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
References
Related Ubuntu Security Notices (USN)
- USN-8521-1
- Libidn vulnerability
- 9 July 2026