BSA-2017-211
21502
31 March 2017
31 March 2017
Closed
High
7.5
N/A
CVE-2016-6261
Summary
Security Advisory ID : BSA-2017-211
Component : libidn
Revision : 1.0: Interim
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
Affected Products
| Product | Current Assessment |
|---|---|
| Brocade 5400 vRouter | Impacted: Fixed in 6.7R12. |
| Brocade 5600 vRouter | Impacted: Fixed in 5.2R2. |
| Brocade SLX-OS | Impacted: Fixed in 17r.1.01. |
| Brocade Virtual Traffic Manager | Impacted: Appliance fixed in 11.1, 10.4r1, 9.9r2, and later. |
Products Confirmed Not Vulnerable
Brocade FastIron OS, Brocade NetIron OS, Brocade Network Advisor, Brocade SDN Controller, Brocade ServerIron ADX, Brocade Services Director, Brocade Virtual ADX, Brocade Virtual Traffic Manager: Software, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | March 31, 2017 |