Lucene search

[email protected]NVD:CVE-2020-27618

HistoryFeb 26, 2021 - 11:15 p.m.

CVE-2020-27618

2021-02-2623:15:11

CWE-835

[email protected]

web.nvd.nist.gov

gnu c library

glibc

libc6

cve-2020-27618

ibm encodings

denial of service

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.01

Percentile

83.6%

JSON

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

Affected configurations

Nvd

Node

gnuglibcRange≤2.32

Node

netappontap_select_deploy_administration_utilityMatch-

Node

netappa250Match-

AND

netappa250_firmwareMatch-

Node

netapp500fMatch-

AND

netapp500f_firmwareMatch-

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph300eMatch-

AND

netapph300e_firmwareMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

oraclecommunications_cloud_native_core_service_communication_proxyMatch1.14.0

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
gnuglibc*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
netappontap_select_deploy_administration_utility-cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
netappa250-cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*
netappa250_firmware-cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
netapp500f-cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*
netapp500f_firmware-cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
netapph410c-cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
netapph410c_firmware-cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
netapph300s-cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
netapph300s_firmware-cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	*	cpe:2.3:a:gnu:glibc::::::::
netapp	ontap_select_deploy_administration_utility	-	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
netapp	a250	-	cpe:2.3:h:netapp:a250:-:::::::*
netapp	a250_firmware	-	cpe:2.3:o:netapp:a250_firmware:-:::::::*
netapp	500f	-	cpe:2.3:h:netapp:500f:-:::::::*
netapp	500f_firmware	-	cpe:2.3:o:netapp:500f_firmware:-:::::::*
netapp	h410c	-	cpe:2.3:h:netapp:h410c:-:::::::*
netapp	h410c_firmware	-	cpe:2.3:o:netapp:h410c_firmware:-:::::::*
netapp	h300s	-	cpe:2.3:h:netapp:h300s:-:::::::*
netapp	h300s_firmware	-	cpe:2.3:o:netapp:h300s_firmware:-:::::::*