Lucene search

K
cve[email protected]CVE-2020-29562
HistoryDec 04, 2020 - 7:15 a.m.

CVE-2020-29562

2020-12-0407:15:11
CWE-617
web.nvd.nist.gov
176
8
cve
2020
29562
glibc
iconv function
denial of service
vulnerability

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:N/I:N/A:P

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

Affected configurations

NVD
Node
gnuglibcRange2.30โ€“2.32
Node
fedoraprojectfedoraMatch32
Node
netappe-series_santricity_os_controllerRange11.0.0โ€“11.60.3
CPENameOperatorVersion
gnu:glibcgnu glibcle2.32

Social References

More

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:N/I:N/A:P

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%