CVE-2014-6040: GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character…

medium5CVSS 3.1

AVNACLAuNCNINAP

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

Affected

35 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	glibc	< glibc 2.19-12 (bookworm)	glibc 2.19-12 (bookworm)
eglibc	eglibc	>= 0 < 2.19-0ubuntu6.4	2.19-0ubuntu6.4
gnu	glibc	<= 2.19	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	—	—

CVSS provenance

nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

osv5.0MEDIUM