PT-2020-17190 · Gnu · Gnu C Library
Michael Colavita · Published 2020-12-04 · Updated 2024-06-15 · CVE-2020-29562
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
GNU C Library (aka glibc or libc6) versions 2.30 through 2.32
Description
The iconv function in the GNU C Library, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
Recommendations
If you run versions 2.30 through 2.32, consider updating to a version in which this issue is fixed: the affected versions may abort the program when they encounter an irreversible character during UCS4 text conversion.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Assertion Failure
Affected Products
Alt Linux
Gnu C Library
Linuxmint
Suse
Ubuntu