Описание
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux Extended Update Support 5.6 | glibc | Affected | ||
| Red Hat Enterprise Linux 5 | glibc | Fixed | RHSA-2014:1110 | 29.08.2014 |
| Red Hat Enterprise Linux 5.6 Long Life | glibc | Fixed | RHSA-2014:1118 | 02.09.2014 |
| Red Hat Enterprise Linux 5.9 Extended Update Support | glibc | Fixed | RHSA-2014:1118 | 02.09.2014 |
| Red Hat Enterprise Linux 6 | glibc | Fixed | RHSA-2014:1110 | 29.08.2014 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | glibc | Fixed | RHSA-2014:1118 | 02.09.2014 |
| Red Hat Enterprise Linux 6.4 Extended Update Support | glibc | Fixed | RHSA-2014:1118 | 02.09.2014 |
| Red Hat Enterprise Linux 7 | glibc | Fixed | RHSA-2014:1110 | 29.08.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.9 Medium
CVSS2
Связанные уязвимости
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Off-by-one error in the __gconv_translit_find function in gconv_trans. ...
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
6.9 Medium
CVSS2