CVE-2016-10228 — Improper Input Validation in Glibc
Severity
5.9 MEDIUM (NVD)
EPSS
0.4%
top 38.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 2
Latest update: Apr 10
Description
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 4 packages
Vulnerability Details (5)
Vendor Advisories (7)
Microsoft: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier when processing invalid multi-byte input sequences in IBM1364 IBM1371 IBM1388 IBM1390 and IBM1399 encodings fails to advan (2021-02-09)
Red Hat: glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (2020-07-09)
Community (4)
Bugzilla: CVE-2020-27618 glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (2020-11-02)
Bugzilla: CVE-2016-10228 glibc: iconv: Fix converter hangs and front end option parsing for //TRANSLIT and //IGNORE [rhel-8] (2019-04-30)
Bugzilla: CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option [fedora-all] (2017-03-02)