443 matches found

Hacker One
added 2016/11/04 8:3 a.m., 20 views

Internet Bug Bounty: iconv() function missing string length check

https://bugs.php.net/bug.php?id=73368...

6.9 AI score
Exploits: 0

OpenVAS
added 2016/04/11 12:0 a.m., 12 views

Fedora Update for nodejs-iconv FEDORA-2016-6

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits: 0, References: 2

RedhatCVE
added 2015/10/30 9:30 a.m., 23 views

CVE-2007-4840

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function...

5 CVSS, 7.5 AI score, 0.01408 EPSS
Exploits: 0, References: 2

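seebug.org
added 2015/10/20 12:0 a.m., 23 views

kppw latest version front-end SQL injection

Brief description: I have been this thorough, so please give me a corresponding rank. Detailed description: Counting the related functions, there were originally many more, but I stopped looking myself. I tested the UTF version; your GBK version has already blown up because of this issue, so I hope you review it carefully. Below I use the file control\user\messagesend.php as an example; other files I found with the same problem are message.php and yijia.php setUid $gUid ; $objMsgM-setUsername $username ; $objMsgM-setTouid $arrSpaceInfo 'uid' ; $objMsgM-setTousername $arrSpaceInfo...

7 AI score
Exploits: 0
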
OpenVAS
added 2015/10/16 12:0 a.m., 56 views

SUSE: Security Advisory for PHP5 (SUSE-SU-2014:0873-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS, 7 AI score, 0.40224 EPSS
Exploits: 15, References: 1

OpenVAS
added 2015/10/06 12:0 a.m., 28 views

Oracle: Security Advisory (ELSA-2012-1097)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.8 CVSS, 7.6 AI score, 0.00869 EPSS
Exploits: 0, References: 2

Amazon
added 2015/03/23 12:0 a.m., 49 views

Medium: glibc

Issue Overview: An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040) It was fou...

5 CVSS, 8.1 AI score, 0.07187 EPSS
Exploits: 2

RedHat Linux
added 2015/03/05 7:10 a.m., 0 views

glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)

An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application...

5 CVSS, 7.3 AI score, 0.07187 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2015/02/18 12:0 a.m., 26 views

FreeBSD : unzip -- heap based buffer overflow in iconv patch (3680b234-b6f0-11e4-b7cc-d050992ecde8)

Ubuntu Security Notice USN-2502-1 reports: unzip could be made to run programs if it opened a specially crafted file. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018...

7.5 CVSS, 8.2 AI score, 0.1061 EPSS
Exploits: 2, References: 5

FreeBSD
added 2015/02/17 12:0 a.m., 34 views

unzip -- heap based buffer overflow in iconv patch

Ubuntu Security Notice USN-2502-1 reports: unzip could be made to run programs if it opened a specially crafted file...

7.5 CVSS, 8.8 AI score, 0.1061 EPSS
Exploits: 2, References: 3

OpenVAS
added 2015/01/23 12:0 a.m., 33 views

RedHat Update for glibc RHSA-2015:0016-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5 CVSS, 8.2 AI score, 0.07187 EPSS
Exploits: 1, References: 2

Amazon
added 2015/01/08 12:0 a.m., 53 views

Medium: glibc

Issue Overview: An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040) It was fou...

5 CVSS, 9.2 AI score, 0.07187 EPSS
Exploits: 1, References: 1

RedHat Linux
added 2015/01/07 5:17 p.m., 3 views

glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)

An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application...

5 CVSS, 7.2 AI score, 0.07187 EPSS
Exploits: 1, References: 4

OSV
added 2014/12/05 4:59 p.m., 1 views

DEBIAN-CVE-2014-6040

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8...

5 CVSS, 8.2 AI score, 0.07187 EPSS
Exploits: 1, References: 1

Prion
added 2014/12/05 4:59 p.m., 23 views

Out-of-bounds

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8...

5 CVSS, 6.6 AI score, 0.07187 EPSS
Exploits: 1, References: 12, Affected Software: 1

OSV
added 2014/12/05 4:59 p.m., 2 views

DEBIAN-CVE-2012-6656

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8...

5 CVSS, 6.7 AI score, 0.01184 EPSS
Exploits: 1, References: 1

CVE
added 2014/12/05 4:0 p.m., 144 views

CVE-2014-6040

The CVE-2014-6040 issue affects the GNU C Library (glibc) prior to version 2.20. The vulnerability arises in iconv when converting certain multibyte data (notably IBM933/935/937/939/1364) to UTF-8, allowing a context-dependent attacker to trigger an out-of-bounds read and crash the process, i.e.,...

5 CVSS, 7.1 AI score, 0.07187 EPSS
Exploits: 1, References: 12, Affected Software: 1

Cvelist
added 2014/12/05 4:0 p.m., 28 views

CVE-2014-6040

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8...

7.2 AI score, 0.07187 EPSS
Exploits: 1, References: 12

Debian CVE
added 2014/12/05 4:0 p.m., 27 views

CVE-2014-6040

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8...

5 CVSS, 8.6 AI score, 0.07187 EPSS
Exploits: 1

Tenable Nessus
added 2014/12/04 12:0 a.m., 40 views

Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2432-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2432-1 advisory. Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could...

5 CVSS, 8.6 AI score, 0.07187 EPSS
Exploits: 2, References: 4