CVE-2026-4046 iconv crash due to assertion failure with untrusted input

🗓️ 30 Mar 2026 17:16:11Reported by glibcType

iconv crash in glibc before 2.43 from assertion on untrusted inputs; remove IBM1390 and IBM1399 charsets.

Reporter	Title	Published	Views	Family All 105
ATTACKERKB	CVE-2026-4046	30 Mar 202617:16	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2026-1622)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : glibc, --advisory ALAS2-2026-3272 (ALAS-2026-3272)	30 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : glibc (ALSA-2026:20587)	27 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : glibc (ALSA-2026:20594)	27 May 202600:00	–	nessus
Tenable Nessus	Debian dla-4621 : glibc-doc - security update	8 Jun 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2205)	9 Jun 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2243)	9 Jun 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : glibc (EulerOS-SA-2026-2290)	10 Jun 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP13 : glibc (EulerOS-SA-2026-2333)	10 Jun 202600:00	–	nessus

[
  {
    "vendor": "The GNU C Library",
    "product": "glibc",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.3",
        "lessThanOrEqual": "2.43",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
sourceware	www.sourceware.org/bugzilla/show_bug.cgi
inbox	www.inbox.sourceware.org/libc-announce/[email protected]/T/
sourceware	www.sourceware.org/git/

20 Apr 2026 21:02Current

EPSS0.00084

CWE-617