PT-2014-1817 · Gnu+5 · Glibc+5
Published: 2014-09-02 · Updated: 2024-06-15
CVE-2014-6040
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
glibc versions prior to 2.20
glibc-devel-2.12 version
glibc-debuginfo-2.12 version
glibc-debuginfo-common-2.12 version
glibc-2.12 version
glibc-common-2.12 version
glibc-static-2.12 version
glibc-utils-2.12 version
glibc-headers-2.12 version
Description
The issue is related to multiple vulnerabilities in the glibc package, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. The vulnerabilities allow context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting certain encoded data to UTF-8.
Recommendations
For glibc versions prior to 2.20, update to version 2.20 or later.
For glibc-devel-2.12, glibc-debuginfo-2.12, glibc-debuginfo-common-2.12, glibc-2.12, glibc-common-2.12, glibc-static-2.12, glibc-utils-2.12, and glibc-headers-2.12, consider disabling the iconv function or restricting access to it until a patch is available.
As a temporary workaround, consider avoiding the use of the iconv function with certain encoded data until the issue is resolved.
Exploit
Fix
DoS
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Red Hat
Suse
Ubuntu
Glibc