PT-2012-6295 · Gnu+2 · Glibc+2

Siddhesh Poyarekar · Published 2012-12-31 · Updated 2017-07-01 · CVE-2012-6656

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.16

Description: The issue allows context-dependent attackers to cause a denial of service, specifically an out-of-bounds read, when converting IBM930 encoded data to UTF-8 using the iconv function. This occurs when a multibyte character value of 0xffff is provided.

Recommendations: For versions prior to 2.16, update to version 2.16 or later to resolve the issue. As a temporary workaround, consider restricting the input to the iconv function to prevent the use of the 0xffff multibyte character value.
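
One way to apply the temporary workaround is to screen IBM930 input before it is handed to iconv. The C function below is an added example, not code from glibc or from this advisory; the name ibm930_has_ffff is hypothetical, and it assumes that IBM930's shift-out (0x0E) and shift-in (0x0F) bytes delimit double-byte runs and that every buffer starts in single-byte mode.

```c
#include <stddef.h>
#include <stdio.h>

#define IBM930_SO 0x0E /* shift out: following bytes are double-byte characters */
#define IBM930_SI 0x0F /* shift in: back to single-byte characters */

/* Returns 1 if buf holds the double-byte character 0xffff, else 0.
 * Assumption: the conversion starts in single-byte mode, so a caller
 * that feeds iconv in chunks must screen the whole stream, not a chunk. */
int ibm930_has_ffff(const unsigned char *buf, size_t len)
{
    int dbcs = 0; /* 0 = single-byte mode, 1 = double-byte mode */
    size_t i = 0;

    while (i < len) {
        unsigned char c = buf[i];

        if (c == IBM930_SO) { dbcs = 1; i++; continue; }
        if (c == IBM930_SI) { dbcs = 0; i++; continue; }
        if (!dbcs) { i++; continue; } /* single byte: cannot form 0xffff */

        if (i + 1 >= len)
            break; /* truncated pair: nothing left to pair with */
        if (c == 0xFF && buf[i + 1] == 0xFF)
            return 1; /* the value named in the advisory */
        i += 2; /* step by whole characters to keep pair alignment */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured data. */
    static const unsigned char flagged[] = { 0xC1, 0x0E, 0x42, 0x43, 0xFF, 0xFF, 0x0F };
    static const unsigned char clean[]   = { 0x0E, 0x42, 0xFF, 0xFF, 0x43, 0x0F };

    printf("flagged: %d\n", ibm930_has_ffff(flagged, sizeof flagged));
    printf("clean:   %d\n", ibm930_has_ffff(clean, sizeof clean));
    return 0;
}
```

A caller on glibc older than 2.16 would reject or drop any buffer for which the function returns 1 instead of converting it; updating to 2.16 or later remains the fix.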


Weakness Enumeration

Related Identifiers

CVE-2012-6656
DLA-97-1
DSA-3142-1
SUSE-RU-2015:0794-1
SUSE-SU-2014_1129-1
SUSE-SU-2015:0253-1
SUSE-SU-2015:0439-1
SUSE-SU-2015:0551-1
SUSE-SU-2015_0164-1
SUSE-SU-2015_0167-1
SUSE-SU-2015_0170-1
SUSE-SU-2015_0253-1
USN-2432-1

Affected Products

Suse
Ubuntu
Glibc