Computer Security
[EN] securityvulns.ru no-pyccku


GNU glibc buffer overflow
Published:01.09.2014
Source:
SecurityVulns ID:13947
Type:library
Threat Level:
6/10
Description:Off-by-one in __gconv_translit_find().
Affected:GNU : glibc 2.19
CVE:CVE-2014-6040 (GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.)
 CVE-2014-5119 (Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.)
 CVE-2012-6656 (iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.)
Original documentdocumentUBUNTU, [USN-2328-1] GNU C Library vulnerability (01.09.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod