CVE-2020-27618

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 13 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*

Configuration 14 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

28 Oct 2022, 20:06

Type Values Removed Values Added
First Time Debian debian Linux
Debian
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

17 Oct 2022, 18:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html -

12 May 2022, 14:34

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Not Applicable, Third Party Advisory

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

29 Mar 2022, 16:39

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202107-07 - (GENTOO) https://security.gentoo.org/glsa/202107-07 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20210401-0006/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20210401-0006/ - Third Party Advisory
CPE cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
First Time Netapp h300e
Netapp h410s
Netapp 500f
Oracle
Netapp h410c
Netapp h410s Firmware
Netapp h700s
Netapp
Netapp h410c Firmware
Netapp ontap Select Deploy Administration Utility
Netapp h500e Firmware
Netapp h700e Firmware
Netapp h300e Firmware
Netapp h500s Firmware
Netapp h300s Firmware
Netapp 500f Firmware
Netapp h700s Firmware
Netapp h500e
Netapp a250
Oracle communications Cloud Native Core Service Communication Proxy
Netapp h700e
Netapp a250 Firmware
Netapp h500s
Netapp h300s

07 Feb 2022, 16:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202107-07 -
  • (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

01 Apr 2021, 08:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210401-0006/ -

04 Mar 2021, 21:29

Type Values Removed Values Added
References (MISC) https://sourceware.org/bugzilla/show_bug.cgi?id=26224 - (MISC) https://sourceware.org/bugzilla/show_bug.cgi?id=26224 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21 - (MISC) https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21 - Issue Tracking, Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 2.1
v3 : 5.5
CPE cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
CWE CWE-835

26 Feb 2021, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-02-26 23:15

Updated : 2023-12-10 13:41


NVD link : CVE-2020-27618

Mitre link : CVE-2020-27618

CVE.ORG link : CVE-2020-27618


JSON object : View

Products Affected

netapp

  • h700s_firmware
  • h410s
  • h500e_firmware
  • 500f_firmware
  • h500e
  • a250_firmware
  • h700e_firmware
  • h300s
  • h700s
  • h300e
  • h700e
  • h410s_firmware
  • h500s
  • h300s_firmware
  • h410c
  • ontap_select_deploy_administration_utility
  • h500s_firmware
  • h300e_firmware
  • a250
  • 500f
  • h410c_firmware

gnu

  • glibc

debian

  • debian_linux

oracle

  • communications_cloud_native_core_service_communication_proxy
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')