PT-2012-6295 · Gnu+2 · Glibc+2

Siddhesh Poyarekar · Published 2012-12-31 · Updated 2017-07-01 · CVE-2012-6656

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.16

Description: The issue allows context-dependent attackers to cause a denial of service, specifically an out-of-bounds read, when converting IBM930 encoded data to UTF-8 using the iconv function. This occurs when a multibyte character value of 0xffff is provided.

Recommendations: For versions prior to 2.16, update to version 2.16 or later to resolve the issue. As a temporary workaround, consider restricting the input to the iconv function to prevent the use of the 0xffff multibyte character value.

Exploit

Fix

DoS

RCE


Weakness Enumeration

Related identifiers

CVE-2012-6656
DLA-97-1
DSA-3142-1
SUSE-RU-2015:0794-1
SUSE-SU-2014_1129-1
SUSE-SU-2015:0253-1
SUSE-SU-2015:0439-1
SUSE-SU-2015:0551-1
SUSE-SU-2015_0164-1
SUSE-SU-2015_0167-1
SUSE-SU-2015_0170-1
SUSE-SU-2015_0253-1
USN-2432-1

Affected products

Suse
Ubuntu
Glibc