CVE-2020-27618

Опубликовано: 26 фев. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

Ссылки

https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202107-07
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210401-0006/
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
Issue Tracking
Patch
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26224
Exploit
Issue Tracking
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Not Applicable
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202107-07
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210401-0006/
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
Issue Tracking
Patch
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26224
Exploit
Issue Tracking
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Not Applicable
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Версия до 2.32 (включая)

Конфигурация 2

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 13

cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*

Конфигурация 14

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00023

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-835

Связанные уязвимости

CVE-2020-27618

CVSS3: 5.5

ubuntu

больше 4 лет назад

CVE-2020-27618

CVSS3: 5.5

redhat

почти 5 лет назад

CVE-2020-27618

CVSS3: 5.5

msrc

больше 4 лет назад

Описание отсутствует

CVE-2020-27618

CVSS3: 5.5

debian

больше 4 лет назад

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...

GHSA-6q5q-4c7r-7r4r

CVSS3: 5.5

github

около 3 лет назад

EPSS

Процентиль: 5%

0.00023

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-835