An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.
Find out more about CVE-2014-5119 from the MITRE CVE dictionary and NIST NVD.
Base Score | 6.9 |
---|---|
Base Metrics | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Access Vector | Local |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 6 (glibc) | RHSA-2014:1110 | 2014-08-29 |
Red Hat Enterprise Linux Extended Update Support 6.4 (glibc) | RHSA-2014:1118 | 2014-09-02 |
Red Hat Enterprise Linux Long Life (v. 5.6 server) (glibc) | RHSA-2014:1118 | 2014-09-02 |
Red Hat Enterprise Linux 7 (glibc) | RHSA-2014:1110 | 2014-08-29 |
Red Hat Enterprise Linux Advanced Update Support 6.2 (glibc) | RHSA-2014:1118 | 2014-09-02 |
Red Hat Enterprise Linux 5 (glibc) | RHSA-2014:1110 | 2014-08-29 |
Red Hat Enterprise Linux EUS (v. 5.9 server) (glibc) | RHSA-2014:1118 | 2014-09-02 |