Vulnerability CVE-2020-27618: Information

Description

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-27618
Published: Feb. 27, 2021
Modified: Oct. 28, 2022
Error type identifier: CWE-835

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus2.32-alt12.38.0.76.e9f05fa1c6-alt1ALT-PU-2020-3524-1263483Fixed
glibcsisyphus_e2k2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.22.35.0.234.3f63f9dfe1-alt1.E2K.27.020.4ALT-PU-2024-1492-1-Fixed
glibcsisyphus_riscv642.34.0.39.024a7-alt1.rv642.38.0.76.e9f05fa1c6-alt1ALT-PU-2021-4728-1-Fixed
glibcp102.32-alt12.32-alt5.p10.3ALT-PU-2020-3524-1263483Fixed
glibcp92.27-alt142.27-alt14ALT-PU-2021-2862-1285569Fixed
glibcc10f12.32-alt12.32-alt5.p10.3ALT-PU-2020-3524-1263483Fixed
glibcc9f22.27-alt142.27-alt14ALT-PU-2021-2880-1285733Fixed
glibcp112.32-alt12.38.0.76.e9f05fa1c6-alt1ALT-PU-2020-3524-1263483Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26224
  • Exploit
  • Issue Tracking
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20210401-0006/
  • Third Party Advisory
GLSA-202107-07
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
  • Not Applicable
  • Third Party Advisory
[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
      End including
      2.32

      Configuration 2

      cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

      Configuration 6

      cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

      Configuration 7

      cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

      Configuration 8

      cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

      Configuration 9

      cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

      Configuration 10

      cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

      Configuration 11

      cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

      Configuration 12

      cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

      Configuration 13

      cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*

      Configuration 14

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top