Denial of Service Vulnerability in GNU C Library Versions 2.30 to 2.32
CVE-2020-29562

4.8 MEDIUM

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
4 December 2020

Summary

In the GNU C Library (glibc or libc6) versions 2.30 through 2.32, the iconv function fails an assertion in its code path when it processes UCS4 text that contains an irreversible character. The failed assertion aborts the program. Exploitation of this vulnerability can lead to a denial of service, disrupting services that depend on glibc.

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
