The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.
La función iconv() en la Biblioteca C de GNU versiones 2.43 y anteriores puede colapsar debido a un fallo de aserción al convertir entradas de los conjuntos de caracteres IBM1390 o IBM1399, lo que puede ser utilizado para colapsar una aplicación de forma remota. Esta vulnerabilidad puede mitigarse trivialmente al eliminar los conjuntos de caracteres IBM1390 e IBM1399 de los sistemas que no los necesiten.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Type: Secondary
Exploitability Score: 3.9
Impact Score: 3.6
| Source | Type | Description |
|---|---|---|
| 3ff69d7a-14f2-4f67-a097-88dee7810d18 | Secondary |
en
CWE-617
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| gnu | glibc | * | <built-in method update of dict object at 0x702bdcc58880> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* |