| ID |
CVE-2021-43396
|
| Summary |
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:gnu:glibc:2.34:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.34:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*
-
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 11-04-2024 - 01:13) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| Last major update |
11-04-2024 - 01:13 |
| Published |
04-11-2021 - 20:15 |
| Last modified |
11-04-2024 - 01:13 |
