PT-2017-3961 · Gnu+10 · Gnu C Library+10

Published

2017-01-25

·

Updated

2024-06-15

·

CVE-2016-10228

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GNU C Library (glibc) versions 2.31 and earlier
Description The issue is related to the iconv program in the GNU C Library. When invoked with multiple suffixes in the destination encoding along with the -c option, it enters an infinite loop when processing invalid multi-byte input sequences. This can lead to a denial of service. The vulnerability is associated with insufficient input validation, which can be exploited by a remote attacker to cause a denial of service when the iconv utility is called with the -c option.
Recommendations For GNU C Library (glibc) versions 2.31 and earlier, consider avoiding the use of the -c option with multiple suffixes in the destination encoding to minimize the risk of exploitation. As a temporary workaround, restrict the use of the iconv utility until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:1585
ALT-PU-2017-2833
ALT-PU-2020-3524
ALT-PU-2021-2862
ALT-PU-2021-2880
BDU:2020-04683
CESA-2021_1585
CVE-2016-10228
DLA-3152-1
MGASA-2021-0289
OPENSUSE-SU-2021:1560-1
OPENSUSE-SU-2021_1560-1
OPENSUSE-SU-2024:10792-1
RHSA-2021:1585
RHSA-2021_1585
RLSA-2021:1585
SUSE-SU-2021:2480-1
SUSE-SU-2021:3830-1
SUSE-SU-2021_2480-1
SUSE-SU-2021_3830-1
SUSE-SU-2022:2886-1
USN-5310-1
USN-5768-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Gnu C Library
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu