An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.
Find out more about CVE-2014-5119 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 6.9 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (glibc) | RHSA-2014:1110 | 2014-08-29 |
| Red Hat Enterprise Linux Extended Update Support 6.4 (glibc) | RHSA-2014:1118 | 2014-09-02 |
| Red Hat Enterprise Linux Long Life (v. 5.6 server) (glibc) | RHSA-2014:1118 | 2014-09-02 |
| Red Hat Enterprise Linux 7 (glibc) | RHSA-2014:1110 | 2014-08-29 |
| Red Hat Enterprise Linux Advanced Update Support 6.2 (glibc) | RHSA-2014:1118 | 2014-09-02 |
| Red Hat Enterprise Linux 5 (glibc) | RHSA-2014:1110 | 2014-08-29 |
| Red Hat Enterprise Linux EUS (v. 5.9 server) (glibc) | RHSA-2014:1118 | 2014-09-02 |
Vulmon