Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-5119Off-by-one Error in Glibc

CWE-189CWE-193Off-by-one ErrorCWE-626Null Byte Interaction Error (Poison Null Byte)CWE-122Heap-based Buffer Overflow11 documents9 sources
Severity
7.5HIGHNVD
OSV6.8
EPSS
21.5%
top 4.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
GNU GlibcEglibcDebian Linux
Timeline
PublishedAug 29
Latest updateMay 13

Description

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDgnu/glibc< 2.20
Debiangnu/glibc< 2.19-10+3
Ubuntueglibc/eglibc< 2.19-0ubuntu6.3

Also affects: Debian Linux 7.0

🔴Vulnerability Details

4
GHSA
GHSA-jv4w-947j-grmm: Off-by-one error in the __gconv_translit_find function in gconv_trans2022-05-13
CVEList
CVE-2014-5119: Off-by-one error in the __gconv_translit_find function in gconv_trans2014-08-29
OSV
CVE-2014-5119: Off-by-one error in the __gconv_translit_find function in gconv_trans2014-08-29
OSV
eglibc vulnerability2014-08-29

💥Exploits & PoCs

1
Exploit-DB
glibc - NUL Byte gconv_translit_find Off-by-One2014-08-27

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerability2014-08-29
Red Hat
glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()2014-07-14
Debian
CVE-2014-5119: glibc - Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C...2014

💬Community

2
Bugzilla
CVE-2014-5119 glibc: out-of-bounds NUL write in iconv_open [fedora-all]2014-08-13
Bugzilla
CVE-2014-5119 glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()2014-07-14
CVE-2014-5119 — Off-by-one Error in GNU Glibc | cvebase