The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32 when processing invalid multi-byte input sequences in the EUC-KR encoding may have a buffer over-read.

🗓️ 07 Jan 2021 08:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 2 Views

The GNU C Library iconv up to version 2.32 may over-read buffers for invalid EUC KR sequences.

Reporter	Title	Published	Views	Family All 169
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.	11 Apr 202311:47	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security contains security vulnerabilities	13 May 202121:45	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	26 Mar 202503:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access	7 Jan 202200:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities	3 Dec 202118:52	–	ibm
Tenable Nessus	Amazon Linux 2 : glibc (ALAS-2021-1599)	19 Feb 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : glibc (ALAS-2021-1605)	19 Feb 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : glibc (ALAS-2021-1511)	13 Jul 202100:00	–	nessus
Tenable Nessus	AlmaLinux 8 : glibc (ALSA-2021:1585)	9 Feb 202200:00	–	nessus

Vulners

Node

microsoft cm1_glibc_2.28-16Range<2.28-16

07 Jan 2021 08:00Current

7High risk

Vulners AI Score7

CVSS 3.15.9

CVSS 27.1

EPSS0.00805

SSVC

buffer overread invalid input sequences EUC KR encoding GNU C Library iconv feature