ID CVE-2020-29562
Summary The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:glibc:2.30:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.30:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:x64:*
    cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:x64:*
  • cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 19-03-2021 - 18:41)
Impact:
Exploitability:
CWE CWE-617
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:H/Au:S/C:N/I:N/A:P
refmap via4
confirm https://security.netapp.com/advisory/ntap-20210122-0004/
fedora FEDORA-2021-6e581c051a
misc https://sourceware.org/bugzilla/show_bug.cgi?id=26923
Last major update 19-03-2021 - 18:41
Published 04-12-2020 - 07:15
Last modified 19-03-2021 - 18:41
Back to Top