CVE-2014-6040 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

7.2%

top 8.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc

Timeline

PublishedDec 5

Latest updateMay 17

Description

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiangnu/glibc< 2.19-12+3

▶NVDgnu/glibc2.19+28

Patches

Patch: ubuntu.com ↗Patch: ubuntu.com ↗

🔴Vulnerability Details

GHSA

GHSA-q282-r79m-mmjq: GNU C Library (aka glibc) before 2↗2022-05-17

▶

OSV

CVE-2014-6040: GNU C Library (aka glibc) before 2↗2014-12-05

▶

CVEList

CVE-2014-6040: GNU C Library (aka glibc) before 2↗2014-12-05

▶

OSV

eglibc, glibc vulnerabilities↗2014-12-03

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2014-12-03

▶

Red Hat

glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)↗2014-08-28

▶

Debian

CVE-2014-6040: glibc - GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to caus...↗2014

▶

💬Community

Bugzilla

CVE-2014-6040 glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)↗2014-09-01

▶