EUVD-2020-21925

Malware in sbrugna...

glibc: Out of bounds write in iconv may lead to remote code execution

An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...

glibc: Out of bounds write in iconv may lead to remote code execution

An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...

CVE-2024-2961

An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...

CVE-2024-2961

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

K16346064: glibc vulnerability CVE-2020-29562

Security Advisory Description The iconv function in the GNU C Library aka glibc or libc6 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. CVE-2020-29562 Impact...

SUSE CVE-2015-2059

The stringpreputf8toucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read...

SUSE CVE-2020-29562

The iconv function in the GNU C Library aka glibc or libc6 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service...

SUSE SLES12 Security Update : glibc (SUSE-SU-2021:1165-1)

This update for glibc fixes the following issues : CVE-2020-27618: Accept redundant shift sequences in IBM1364 bsc1178386 CVE-2020-29562: Fix incorrect UCS4 inner loop bounds bsc1179694 CVE-2020-29573: Harden printf against non-normal long double values bsc1179721 Check vector support in memmove...

SUSE-SU-2021:1165-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2020-27618: Accept redundant shift sequences in IBM1364 bsc1178386 - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds bsc1179694 - CVE-2020-29573: Harden printf against non-normal long double values bsc1179721 - Check vector support in...

openSUSE Security Update : glibc (openSUSE-2021-358)

This update for glibc fixes the following issues : - Fix buffer overrun in EUC-KR conversion module CVE-2019-25013, bsc1182117, BZ 24973 - x86: Harden printf against non-normal long double values CVE-2020-29573, bsc1179721, BZ 26649 - gconv: Fix assertion failure in ISO-2022-JP-3 module...

Security update for glibc (important)

openSUSE Security Update: Security update for glibc Announcement ID: openSUSE-SU-2021:0358-1 Rating: important References: 1178386 1179694 1179721 1180038 1181505 1182117 Cross-References: CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-3326 CVSS scores: CVE-2019-25013 NVD :...

OPENSUSE-SU-2021:0358-1 Security update for glibc

This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module CVE-2019-25013, bsc1182117, BZ 24973 - x86: Harden printf against non-normal long double values CVE-2020-29573, bsc1179721, BZ 26649 - gconv: Fix assertion failure in ISO-2022-JP-3 module...

Important: glibc

Issue Overview: The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial...

MGASA-2021-0053 Updated glibc packages fix security vulnerability

Security fixes: - fix buffer overrun in EUC-KR conversion module bz 2497 CVE-2019-25013 - arm: CVE-2020-6096: Fix multiarch memcpy for negative length BZ 25620 - arm: CVE-2020-6096: fix memcpy and memmove for negative length BZ 25620 - iconv: Fix incorrect UCS4 inner loop bounds BZ 26923...

Fedora 32 : glibc (2021-6e581c051a)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-6e581c051a advisory. - The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-1005)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : glibc (EulerOS-SA-2021-1024)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The iconv function in the GNU C Library aka glibc or libc6 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an...

EulerOS 2.0 SP9 : glibc (EulerOS-SA-2021-1005)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The iconv function in the GNU C Library aka glibc or libc6 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an...

CVE-2020-29562

A denial of service flaw was found in the way glibc's iconv function handled UCS4 text containing an irreversible character. This flaw causes an application compiled with glibc and using the vulnerable function to terminate with an assertion, resulting in a denial of service. The highest threat...