120 matches found

RedhatCVE
added 2022/02/24 6:57 a.m., 59 views

CVE-2022-0685

A flaw was found in vim. The vulnerability occurs due to a crash when using a special multi-byte character and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation: Untrusted vim scripts with -s...

8.4 CVSS, 4.9 AI score, 0.01219 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2021/10/27 12:0 a.m., 32 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : glibc Multiple Vulnerabilities (NS-SA-2021-0180)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has glibc packages installed that are affected by multiple vulnerabilities: - On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program...

7.5 CVSS, 7.1 AI score, 0.00805 EPSS
Exploits: 1, References: 9

Veracode
added 2021/09/24 2:43 a.m., 32 views

SQL Injection

PHP is vulnerable to SQL injection. The vulnerability exists due to a flaw in the multi-byte character process; an attacker is still able to inject arbitrary SQL statements into the MySQL server for execution...

6.5 CVSS, 3.3 AI score, 0.00529 EPSS
Exploits: 0, References: 6, Affected Software: 3

OSV
added 2021/06/28 9:16 p.m., 7 views

MGASA-2021-0289 Updated glibc packages fix a security vulnerability

A vulnerability was found in the iconv program provided by glibc when it's invoked with the -c option. It can enter an infinite loop while parsing an invalid multi-byte sequence (CVE-2016-10228)...

5.9 CVSS, 6.8 AI score, 0.00378 EPSS
Exploits: 0, References: 3

Amazon
added 2021/06/23 12:0 a.m., 79 views

Medium: glibc

Issue Overview: In the GNU C Library aka glibc or libc6 through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. (CVE-2019-9169) A flaw was found in glibc. If an attacker provides the iconv function with invalid...

9.8 CVSS, 7 AI score, 0.04945 EPSS
Exploits: 2

Tenable Nessus
added 2021/06/23 12:0 a.m., 150 views

Amazon Linux 2 : glibc (ALAS-2021-1656)

The version of glibc installed on the remote host is prior to 2.26-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1656 advisory. In the GNU C Library aka glibc or libc6 through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read...

9.8 CVSS, 6.8 AI score, 0.04945 EPSS
Exploits: 2, References: 5

Veracode
added 2021/05/24 12:38 a.m., 37 views

Denial Of Service (DoS)

glibc is vulnerable to denial of service. The vulnerability exists when processing invalid multi-byte input sequences which could lead to an infinite loop in applications causing the system to crash...

5.5 CVSS, 3.3 AI score, 0.0005 EPSS
Exploits: 1, References: 11, Affected Software: 1

OSV
added 2021/05/18 5:35 a.m., 28 views

RLSA-2021:1585 Moderate: glibc security, bug fix, and enhancement update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

7.5 CVSS, 7.4 AI score, 0.04945 EPSS
Exploits: 2, References: 21

OpenVAS
added 2021/03/24 12:0 a.m., 20 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-1676)

The remote host is missing an update for the Huawei EulerOS...

7.1 CVSS, 6.2 AI score, 0.00805 EPSS
Exploits: 0, References: 2

Microsoft CVE
added 2021/03/05 8:0 a.m., 2 views

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

...

5.9 CVSS, 6.5 AI score, 0.00378 EPSS
Exploits: 1

Vulnrichment
added 2021/02/26 12:0 a.m., 1 views

CVE-2020-27618

The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a deni...

6.7 AI score, 0.0005 EPSS
Exploits: 1, References: 7

RedHat Linux
added 2021/02/02 12:12 p.m., 2 views

glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding

A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability...

7.1 CVSS, 6.8 AI score, 0.00805 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2021/01/20 12:0 a.m., 58 views

Fedora 32 : glibc (2021-6e581c051a)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-6e581c051a advisory. - The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding...

8.1 CVSS, 7.5 AI score, 0.04398 EPSS
Exploits: 1, References: 5

OSV
added 2021/01/04 6:15 p.m., 0 views

UBUNTU-CVE-2019-25013

The iconv feature in the GNU C Library aka glibc or libc6 through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read...

5.9 CVSS, 7.1 AI score, 0.00805 EPSS
Exploits: 0, References: 4

Prion
added 2021/01/04 6:15 p.m., 24 views

Buffer overflow

The iconv feature in the GNU C Library aka glibc or libc6 through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read...

7.1 CVSS, 7.4 AI score, 0.00805 EPSS
Exploits: 0, References: 17, Affected Software: 3

CVE
added 2021/01/04 12:0 a.m., 590 views

CVE-2019-25013

CVE-2019-25013 affects the GNU C Library (glibc) iconv, where processing invalid multi-byte input in EUC-KR can cause a buffer over-read. Connected advisories confirm the issue and map it to glibc versions affected (through 2.32) and note that Debian, AlmaLinux/Alma or Amazon Linux advisories add...

7.1 CVSS, 6.8 AI score, 0.00805 EPSS
Exploits: 0, References: 17, Affected Software: 1

Veracode
added 2020/12/02 9:50 a.m., 49 views

Information Disclosure

PHP is vulnerable to Information Disclosure. Reading past the allocated buffer is possible when using certain mbstring functions to convert multi-byte encodings...

9.1 CVSS, 1.5 AI score, 0.06404 EPSS
Exploits: 1, References: 17, Affected Software: 1

RedHat Linux
added 2020/11/04 1:4 a.m., 1 views

libarchive: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive...

5.5 CVSS, 7.2 AI score, 0.00086 EPSS
Exploits: 1, References: 4

RedhatCVE
added 2020/11/02 12:26 p.m., 49 views

CVE-2020-27618

A flaw was found in glibc. If an attacker provides the iconv function with invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, it fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service...

2.1 CVSS, 7.2 AI score, 0.0005 EPSS
Exploits: 1, References: 4

RedHat Linux
added 2020/09/08 10:6 a.m., 3 views

oniguruma: Use-after-free in onig_new_deluxe() in regext.c

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8 CVSS, 7.8 AI score, 0.00537 EPSS
Exploits: 0, References: 4