Lucene search

[email protected]CVE-2021-3326

HistoryJan 27, 2021 - 8:15 p.m.

CVE-2021-3326

2021-01-2720:15:00

CWE-617

[email protected]

web.nvd.nist.gov

271

cve-2021-3326

glibc

libc6

iso-2022-jp-3

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CPENameOperatorVersion
gnu:glibcgnu glibcle2.32.0
netapp:ontap_select_deploy_administration_utilitynetapp ontap select deploy administration utilityeq-
netapp:e-series_santricity_os_controllernetapp e-series santricity os controllerle11.60.3
oracle:communications_cloud_native_core_security_edge_protection_proxyoracle communications cloud native core security edge protection proxyeq1.5.0
fujitsu:m10-1_firmwarefujitsu m10-1 firmwareltxcp2410
fujitsu:m10-4_firmwarefujitsu m10-4 firmwareltxcp2410
fujitsu:m10-4s_firmwarefujitsu m10-4s firmwareltxcp2410
fujitsu:m12-1_firmwarefujitsu m12-1 firmwareltxcp2410
fujitsu:m12-2_firmwarefujitsu m12-2 firmwareltxcp2410
fujitsu:m12-2s_firmwarefujitsu m12-2s firmwareltxcp2410

CPE	Name	Operator	Version
gnu:glibc	gnu glibc	le	2.32.0
netapp:ontap_select_deploy_administration_utility	netapp ontap select deploy administration utility	eq	-
netapp:e-series_santricity_os_controller	netapp e-series santricity os controller	le	11.60.3
oracle:communications_cloud_native_core_security_edge_protection_proxy	oracle communications cloud native core security edge protection proxy	eq	1.5.0
fujitsu:m10-1_firmware	fujitsu m10-1 firmware	lt	xcp2410
fujitsu:m10-4_firmware	fujitsu m10-4 firmware	lt	xcp2410
fujitsu:m10-4s_firmware	fujitsu m10-4s firmware	lt	xcp2410
fujitsu:m12-1_firmware	fujitsu m12-1 firmware	lt	xcp2410
fujitsu:m12-2_firmware	fujitsu m12-2 firmware	lt	xcp2410
fujitsu:m12-2s_firmware	fujitsu m12-2s firmware	lt	xcp2410