A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.
For the stable distribution (buster), this problem has been fixed in version 2.0.5-1+deb10u1.
libidn2를 업그레이드 하는 게 좋음.
For the detailed security status of libidn2 please refer to its security tracker page at: \ https://security-tracker.debian.org/tracker/libidn2