CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
AI Score
Confidence
Low
EPSS
Percentile
17.1%
An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc’s iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.
This issue can be mitigated by removing the ISO-2022-CN-EXT from glibc-gconv-extra's modules configuration. This can be done by:
Verify if the module is loaded by running:
$ iconv -l | grep -E ‘CN-?EXT’
ISO-2022-CN-EXT//
ISO2022CNEXT//
If the grep output looks like the above, ISO-2022-CN-EXT module is enabled.
Disabled the module by editing the file located at /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf and comment the following lines. For RHEL 7 the file that needs to be edited is /usr/lib64/gconv/gconv-modules. This step requires to be executed by a privileged user:
alias ISO2022CNEXT// ISO-2022-CN-EXT//
module ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1
module INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1
For commenting those lines just add the '#' character at the beginning of mentioned lines:
# from to module cost
#alias ISO2022CNEXT// ISO-2022-CN-EXT//
#module ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1
#module INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1
Update the iconv cache by running:
sudo iconvconfig
Check if the module was disabled by running the first step again. This time ISO-2022-CN-EXT should not appear in the output.
Please notice that disabling the mentioned gconv module may lead applications relying in the affected module to fail in converting characters and should be used as a temporary mitigation before being able to fully update the affected package.