PT-2014-9099 · Gnu+5 · Glibc+5

Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2014-5119

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

glibc (affected versions not specified)
glibc-devel (affected versions not specified)
glibc-devel-32bit (affected versions not specified)
glibc-devel-static (affected versions not specified)
glibc-devel-static-32bit (affected versions not specified)
glibc-extra (affected versions not specified)
glibc-extra-debuginfo (affected versions not specified)
glibc-html (affected versions not specified)
glibc-i18ndata (affected versions not specified)
glibc-info (affected versions not specified)
glibc-locale (affected versions not specified)
glibc-locale-32bit (affected versions not specified)
glibc-locale-debuginfo (affected versions not specified)
glibc-locale-debuginfo-32bit (affected versions not specified)
glibc-profile (affected versions not specified)
glibc-profile-32bit (affected versions not specified)
glibc-utils (affected versions not specified)
glibc-utils-32bit (affected versions not specified)
glibc-utils-debuginfo (affected versions not specified)
glibc-utils-debuginfo-32bit (affected versions not specified)
glibc-utils-debugsource (affected versions not specified)
nscd (affected versions not specified)

Description

The issue is related to multiple vulnerabilities in the glibc package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. The vulnerabilities are caused by an off-by-one error in the __gconv_translit_find function in gconv_trans.c in the GNU C Library (also known as glibc), allowing context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2015-2084
BDU:2015-04284
BDU:2015-04285
BDU:2015-04286
BDU:2015-04287
BDU:2015-04288
BDU:2015-04289
BDU:2015-04290
BDU:2015-04291
BDU:2015-04292
BDU:2015-04293
BDU:2015-04294
BDU:2015-04295
BDU:2015-05856
BDU:2015-05857
BDU:2015-05858
BDU:2015-05859
BDU:2015-05860
BDU:2015-05861
BDU:2015-05862
BDU:2015-05863
BDU:2015-05864
BDU:2015-05865
BDU:2015-05866
BDU:2015-05867
BDU:2015-05868
BDU:2015-05869
BDU:2015-05870
BDU:2015-05871
BDU:2015-05872
BDU:2015-05873
BDU:2015-05874
BDU:2015-05875
BDU:2015-05876
BDU:2015-05877
BDU:2015-05878
BDU:2015-05879
BDU:2015-05880
BDU:2015-05881
BDU:2015-05882
BDU:2015-05883
BDU:2015-05884
BDU:2015-05885
BDU:2015-05886
BDU:2015-07218
BDU:2015-07220
BDU:2015-07222
BDU:2015-07224
BDU:2015-07226
BDU:2015-07228
BDU:2015-07231
CESA-2014_1110
CVE-2014-5119
DLA-43-1
DSA-3012-1
MGASA-2014-0376
OPENSUSE-SU-2014_1115-1
OPENSUSE-SU-2024:10154-1
RHSA-2014:1110
RHSA-2014:1118
RHSA-2014_1110
SUSE-RU-2015:0794-1
SUSE-SU-2014_1125-1
SUSE-SU-2015:0253-1
SUSE-SU-2015:0439-1
SUSE-SU-2015:0551-1
USN-2328-1

Affected Products

ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
Glibc