PT-2017-3961 · Gnu+10 · Gnu C Library+10

Publicado

2017-01-25

·

Atualizado

2024-06-15

·

CVE-2016-10228

CVSS v3.1

5.9

Média

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GNU C Library (glibc) versions 2.31 and earlier
Description The issue is related to the iconv program in the GNU C Library. When invoked with multiple suffixes in the destination encoding along with the -c option, it enters an infinite loop when processing invalid multi-byte input sequences. This can lead to a denial of service. The vulnerability is associated with insufficient input validation, which can be exploited by a remote attacker to cause a denial of service when the iconv utility is called with the -c option.
Recommendations For GNU C Library (glibc) versions 2.31 and earlier, consider avoiding the use of the -c option with multiple suffixes in the destination encoding to minimize the risk of exploitation. As a temporary workaround, restrict the use of the iconv utility until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALSA-2021:1585
ALT-PU-2017-2833
ALT-PU-2020-3524
ALT-PU-2021-2862
ALT-PU-2021-2880
BDU:2020-04683
CESA-2021_1585
CVE-2016-10228
DLA-3152-1
MGASA-2021-0289
OPENSUSE-SU-2021:1560-1
OPENSUSE-SU-2021_1560-1
OPENSUSE-SU-2024:10792-1
RHSA-2021:1585
RHSA-2021_1585
RLSA-2021:1585
SUSE-SU-2021:2480-1
SUSE-SU-2021:3830-1
SUSE-SU-2021_2480-1
SUSE-SU-2021_3830-1
SUSE-SU-2022:2886-1
USN-5310-1
USN-5768-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Gnu C Library
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu