GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:42
Type | Values Removed | Values Added |
---|---|---|
Summary | GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. | |
References |
|
02 Feb 2023, 15:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. |
Information
Published : 2014-12-05 16:59
Updated : 2023-12-10 11:31
NVD link : CVE-2014-6040
Mitre link : CVE-2014-6040
CVE.ORG link : CVE-2014-6040
JSON object : View
Products Affected
gnu
- glibc
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer