CVE-2015-2059

Name: CVE-2015-2059
Creator: NVD / NIST
Published: 2015-08-12T14:59:09.213+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.12%

Last modified Jun 17, 2026

CVE-2015-2059 is a vulnerability of currently unknown severity. The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.. EPSS estimates a 3.12% chance of exploitation in the next 30 days.

Description

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

Metrics

EPSS Probability

3.12%

86.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Gnu	Libidn	<= 1.30
Opensuse	Opensuse	13.1
Opensuse	Opensuse	13.2
Fedoraproject	Fedora	21
Fedoraproject	Fedora	22

References

http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279Issue Tracking, Patch
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
http://www.debian.org/security/2016/dsa-3578
http://www.openwall.com/lists/oss-security/2015/02/23/25Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/72736
http://www.ubuntu.com/usn/USN-3068-1
https://github.com/jabberd2/jabberd2/issues/85Issue Tracking, Patch, Third Party Advisory
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279Issue Tracking, Patch
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
http://www.debian.org/security/2016/dsa-3578
http://www.openwall.com/lists/oss-security/2015/02/23/25Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/72736
http://www.ubuntu.com/usn/USN-3068-1
https://github.com/jabberd2/jabberd2/issues/85Issue Tracking, Patch, Third Party Advisory

Timeline

Published: Aug 12, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-2059?

How severe is CVE-2015-2059?

Severity scoring for CVE-2015-2059 is pending analysis. The EPSS model estimates a 3.12% probability of exploitation in the next 30 days.

How do I fix CVE-2015-2059?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-2059?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST