Published: 02/03/2017 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 388

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and previous versions, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc

Debian Bug report logs - #856503 glibc: CVE-2016-10228: iconv(1) with -c option hangs on illegal multi-byte sequences Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 1 Mar 2017 18:45:01 UTC Severity ...

Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...

Synopsis Important: Service Telemetry Framework 14 security update Type/Severity Security Advisory: Important Topic An update is now available for Service Telemetry Framework 14 for RHEL 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...

Several security issues were fixed in GNU C Library ...

The iconv program in the GNU C Library (aka glibc or libc6) 231 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service (CVE-2016-10228) A flaw was found in glibc When pro ...

The iconv program in the GNU C Library (aka glibc or libc6) 225 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-20 https://sourceware.org/bugzilla/show_bug.cgi?id=19519 http://openwall.com/lists/oss-security/2017/03/01/10 http://www.securityfocus.com/bid/96525 https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21 https://sourceware.org/bugzilla/show_bug.cgi?id=26224 https://security.gentoo.org/glsa/202101-20 https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856503 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5310-1 https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

CVE-2016-10228

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect