CVE-2021-3326

7.5HIGH

Key Information:

Vendor: Gnu
Status: Glibc
Vendor: CVE Published:; 27 January 2021

Summary

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=27256

https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d...

http://www.openwall.com/lists/oss-security/2021/01/28/2

mailing-list

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2021
Vulnerability Reserved
Jan 27, 2021