Lucene search

K
cve[email protected]CVE-2020-27618
HistoryFeb 26, 2021 - 11:15 p.m.

CVE-2020-27618

2021-02-2623:15:11
CWE-835
web.nvd.nist.gov
285
8
cve-2020-27618
iconv function
gnu c library
glibc
libc6
denial of service
vulnerability
ibm1364
ibm1371
ibm1388
ibm1390
ibm1399
infinite loop

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

Affected configurations

NVD
Node
gnuglibcRange2.32
Node
netappontap_select_deploy_administration_utilityMatch-
Node
netappa250Match-
AND
netappa250_firmwareMatch-
Node
netapp500fMatch-
AND
netapp500f_firmwareMatch-
Node
netapph410cMatch-
AND
netapph410c_firmwareMatch-
Node
netapph300sMatch-
AND
netapph300s_firmwareMatch-
Node
netapph500sMatch-
AND
netapph500s_firmwareMatch-
Node
netapph700sMatch-
AND
netapph700s_firmwareMatch-
Node
netapph300eMatch-
AND
netapph300e_firmwareMatch-
Node
netapph500e_firmwareMatch-
AND
netapph500eMatch-
Node
netapph700e_firmwareMatch-
AND
netapph700eMatch-
Node
netapph410s_firmwareMatch-
AND
netapph410sMatch-
Node
oraclecommunications_cloud_native_core_service_communication_proxyMatch1.14.0
Node
debiandebian_linuxMatch10.0
CPENameOperatorVersion
gnu:glibcgnu glibcle2.32

Social References

More

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%