Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
References
Configurations
History
13 Feb 2023, 00:42
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. |
02 Feb 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
Summary | An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. | |
References |
|
Information
Published : 2014-08-29 16:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-5119
Mitre link : CVE-2014-5119
CVE.ORG link : CVE-2014-5119
JSON object : View
Products Affected
debian
- debian_linux
gnu
- glibc
CWE
CWE-189
Numeric Errors