The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
La función iconv() en las versiones 2.39 y anteriores de la librería GNU C puede desbordar el búfer de salida que se le pasa hasta en 4 bytes al convertir cadenas al juego de caracteres ISO-2022-CN-EXT, lo que puede usarse para bloquear una aplicación. o sobrescribir una variable vecina.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | HIGH |
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Type: Secondary
Exploitability Score: 2.5
Impact Score: 4.7
| Source | Type | Description |
|---|---|---|
| 3ff69d7a-14f2-4f67-a097-88dee7810d18 | Secondary |
en
CWE-787
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| gnu | glibc | * | <built-in method update of dict object at 0x702bdc346000> | Application |
| netapp | active_iq_unified_manager | - | <built-in method update of dict object at 0x702bcc125400> | Application |
| debian | debian_linux | 10.0 | <built-in method update of dict object at 0x702bdc370080> | Operating System |
| netapp | hci_h300s_firmware | - | <built-in method update of dict object at 0x702bdd881500> | Operating System |
| netapp | hci_h500s_firmware | - | <built-in method update of dict object at 0x702bdc344cc0> | Operating System |
| netapp | hci_h700s_firmware | - | <built-in method update of dict object at 0x702bdc240a00> | Operating System |
| netapp | hci_h410s_firmware | - | <built-in method update of dict object at 0x702bfc133e80> | Operating System |
| netapp | hci_h410c_firmware | - | <built-in method update of dict object at 0x702bfc1309c0> | Operating System |
| netapp | hci_h610c_firmware | - | <built-in method update of dict object at 0x702bfc203300> | Operating System |
| netapp | hci_h610s_firmware | - | <built-in method update of dict object at 0x702bdc243e40> | Operating System |
| netapp | hci_h615c_firmware | - | <built-in method update of dict object at 0x702bfc1336c0> | Operating System |
| netapp | hci_compute_node | - | <built-in method update of dict object at 0x702bdc373c40> | Operating System |
| netapp | ontap_select_deploy_administration_utility | - | <built-in method update of dict object at 0x702bdc3467c0> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h300s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h300s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h500s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h500s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h700s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h700s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h410s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h410s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h610c_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h610c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h610s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h610s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_h615c_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_h615c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |