CVE-2014-6040

Published: 05/12/2014 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

GNU C Library (aka glibc) prior to 2.20 allows context-dependent malicious users to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

Vulnerable Product

gnu glibc 2.1.2

gnu glibc 2.11

gnu glibc 2.0.5

gnu glibc 2.0.6

gnu glibc 2.10.1

gnu glibc 2.1.1

gnu glibc 2.17

gnu glibc 2.14

gnu glibc 2.0.3

gnu glibc 2.0

gnu glibc 2.13

gnu glibc 2.1.1.6

gnu glibc 2.1

gnu glibc 2.1.9

gnu glibc 2.12.1

gnu glibc 2.0.1

gnu glibc 2.14.1

gnu glibc 2.11.2

gnu glibc 2.0.4

gnu glibc 2.0.2

gnu glibc 2.16

gnu glibc

gnu glibc 2.18

gnu glibc 2.11.3

gnu glibc 2.11.1

gnu glibc 2.1.3

gnu glibc 2.15

gnu glibc 2.12

gnu glibc 2.12.2

Vendor Advisories

Synopsis: Moderate: glibc security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulne ...
The GNU C Library could be made to crash or run programs ...
Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library: CVE-2015-0235 Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes whic ...
Debian Bug report logs - #775572 glibc: CVE-2014-7817 CVE-2014-9402 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sat, 17 Jan 2015 14:42:02 UTC Severity: important Tags: security Found in version glibc/2.19 ...
Debian Bug report logs - #681888 CVE-2012-3406: glibc formatted printing vulnerabilities Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de> Date: Fri, 13 Jul 2012 13:42:15 UTC Severity: important Tags: secur ...
An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application (CVE-2014-6040). It was found that the files back end of Name Service Switch (NSS) did not ...
An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application (CVE-2014-6040). It was found that the wordexp() function would perform command substituti ...
An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application ...