CVE-2012-6656 — Improper Input Validation in Glibc

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 21.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Eglibc Canonical Ubuntu Linux +1 more

Timeline

PublishedDec 5

Latest updateMay 17

Description

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debiangnu/glibc< 2.17-1+3

▶Ubuntueglibc/eglibc< 2.19-0ubuntu6.4

▶NVDgnu/glibc2.16

Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-g6fx-pmc7-2qhp: iconvdata/ibm930↗2022-05-17

▶

OSV

CVE-2012-6656: iconvdata/ibm930↗2014-12-05

▶

CVEList

CVE-2012-6656: iconvdata/ibm930↗2014-12-05

▶

OSV

eglibc, glibc vulnerabilities↗2014-12-03

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2014-12-03

▶

Red Hat

glibc: crash in IBM930 decoding↗2012-05-23

▶

Debian

CVE-2012-6656: glibc - iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-depen...↗2012

▶

💬Community

Bugzilla

CVE-2012-6656 glibc: crash in IBM930 decoding↗2014-09-01

▶