The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202107-07 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210401-0006/ | Third Party Advisory |
https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21 | Issue Tracking Patch Third Party Advisory |
https://sourceware.org/bugzilla/show_bug.cgi?id=26224 | Exploit Issue Tracking Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Not Applicable Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
|
Configuration 14 (hide)
|
History
28 Oct 2022, 20:06
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian debian Linux
Debian |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
17 Oct 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2022, 14:34
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Not Applicable, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Mar 2022, 16:39
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202107-07 - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210401-0006/ - Third Party Advisory | |
CPE | cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* |
|
First Time |
Netapp h300e
Netapp h410s Netapp 500f Oracle Netapp h410c Netapp h410s Firmware Netapp h700s Netapp Netapp h410c Firmware Netapp ontap Select Deploy Administration Utility Netapp h500e Firmware Netapp h700e Firmware Netapp h300e Firmware Netapp h500s Firmware Netapp h300s Firmware Netapp 500f Firmware Netapp h700s Firmware Netapp h500e Netapp a250 Oracle communications Cloud Native Core Service Communication Proxy Netapp h700e Netapp a250 Firmware Netapp h500s Netapp h300s |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Apr 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2021, 21:29
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://sourceware.org/bugzilla/show_bug.cgi?id=26224 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* | |
CWE | CWE-835 |
26 Feb 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-26 23:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-27618
Mitre link : CVE-2020-27618
CVE.ORG link : CVE-2020-27618
JSON object : View
Products Affected
netapp
- h700s_firmware
- h410s
- h500e_firmware
- 500f_firmware
- h500e
- a250_firmware
- h700e_firmware
- h300s
- h700s
- h300e
- h700e
- h410s_firmware
- h500s
- h300s_firmware
- h410c
- ontap_select_deploy_administration_utility
- h500s_firmware
- h300e_firmware
- a250
- 500f
- h410c_firmware
gnu
- glibc
debian
- debian_linux
oracle
- communications_cloud_native_core_service_communication_proxy
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')