The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Netapp
  • H700s
  • A250
  • H700e
  • Ontap Select Deploy Administration Utility
  • H410c
  • H500s
  • H410s Firmware
  • H300e Firmware
  • H500s Firmware
  • H300s Firmware
  • H700s Firmware
  • 500f
  • 500f Firmware
  • A250 Firmware
  • H500e
  • H410c Firmware
  • H700e Firmware
  • H300e
  • H300s
  • H410s
  • H500e Firmware
Debian
  • Debian Linux
Oracle
  • Communications Cloud Native Core Service Communication Proxy
Gnu
  • Glibc

Configuration 1 [-]

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 13 [-]

cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*

Configuration 14 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References
Link Resource
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202107-07 Third Party Advisory
https://security.netapp.com/advisory/ntap-20210401-0006/ Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21 Issue Tracking Patch Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26224 Exploit Issue Tracking Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Not Applicable Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-26T00:00:00

Updated: 2022-10-17T00:00:00

Reserved: 2020-10-22T00:00:00

Link: CVE-2020-27618

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-02-26T23:15:11.123

Modified: 2022-10-28T20:06:38.603

Link: CVE-2020-27618

JSON object: View

cve-icon Redhat Information

No data.

CWE