In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu glibc 2.34 |
||
oracle communications cloud native core network function cloud native environment 22.1.0 |
||
oracle communications cloud native core binding support function 22.1.3 |
||
oracle communications cloud native core network repository function 22.2.0 |
||
oracle communications cloud native core security edge protection proxy 22.1.1 |
||
oracle communications cloud native core network repository function 22.1.2 |
||
oracle enterprise operations monitor 4.3 |
||
oracle enterprise operations monitor 4.4 |
||
oracle enterprise operations monitor 5.0 |
||
oracle communications cloud native core unified data repository 22.2.0 |