Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-6040

Опубликовано: 28 авг. 2014
Источник: redhat
CVSS2: 2.1
EPSS Низкий

Описание

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.

Отчет

This issue affects the version of glibc package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5glibcWill not fix
Red Hat Enterprise Linux 6glibcFixedRHSA-2015:001607.01.2015
Red Hat Enterprise Linux 7glibcFixedRHSA-2015:032705.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1135841glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)

EPSS

Процентиль: 92%
0.07802
Низкий

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-6040

ubuntu
больше 10 лет назад

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

nvd логотип

CVE-2014-6040

nvd
больше 10 лет назад

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

debian логотип

CVE-2014-6040

debian
больше 10 лет назад

GNU C Library (aka glibc) before 2.20 allows context-dependent attacke ...

github логотип

GHSA-q282-r79m-mmjq

github
больше 3 лет назад

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

oracle-oval логотип

ELSA-2015-0327

oracle-oval
больше 10 лет назад

ELSA-2015-0327: glibc security and bug fix update (MODERATE)

EPSS

Процентиль: 92%
0.07802
Низкий

2.1 Low

CVSS2