Denial of Service Vulnerability in FreeBSD's Iconv Module
CVE-2014-5384

Currently unrated

Key Information:

Vendor: FreeBSD
Status: FreeBSD; Netbsd
Vendor: CVE Published:; 21 August 2014

What is CVE-2014-5384?

The VIQR module within the iconv implementation in FreeBSD versions prior to p6 and NetBSD is susceptible to a vulnerability that can be exploited by context-dependent attackers. Attackers may cause a denial of service through an out-of-bounds array access by supplying specially crafted arguments to the iconv_open function. This vulnerability has been identified separately from CVE-2014-3951, highlighting the distinct nature of its risks and impacts.

References

http://www.freebsd.org/security/advisories/FreeBSD-SA-14:...

vendor-advisoryx_refsource_FREEBSD

http://www.securitytracker.com/id/1030458

vdb-entryx_refsource_SECTRACK

http://mail-index.netbsd.org/source-changes/2014/06/24/ms...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Aug 21, 2014
Vulnerability Reserved
Aug 21, 2014