CVE-2020-27618

Published: 26/02/2021 Updated: 28/10/2022
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 189
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and previous versions, when processing invalid multi-byte input sequences in the IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state. This could lead to an infinite loop in applications, resulting in a denial of service. This is a different vulnerability from CVE-2016-10228.

Vulnerable Product

gnu glibc

netapp ontap select deploy administration utility -

netapp a250_firmware -

netapp 500f_firmware -

netapp h410c_firmware -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

oracle communications cloud native core service communication proxy 1.14.0

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #973914: glibc: CVE-2020-27618. Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 7 Nov 2020 12:06:02 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in ...
Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Important: Service Telemetry Framework 1.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Several security issues were fixed in GNU C Library ...
Several security issues were fixed in GNU C Library ...
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match (CVE-2019-9169). A flaw was found in glibc. If an attacker provides the iconv function with invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390 ...
A flaw was found in glibc up to version 2.32. If an attacker provides the iconv function with invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, it fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service. The issue is fixed in glibc version 2 ...