CVE-2020-29562
published 2020-12-04

Severity: medium, 4.8 (CVSS 3.1)
Vector: AV:N / AC:H / PR:L / UI:R / S:U / C:N / I:N / A:H
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.31-7 (bookworm) | glibc 2.31-7 (bookworm) |
| fedoraproject | fedora | | |
| gnu | glibc | >= 0 < 2.31-7 | 2.31-7 |
| gnu | glibc | >= 0 < 2.31-7 | 2.31-7 |
| gnu | glibc | >= 0 < 2.31-7 | 2.31-7 |
| gnu | glibc | >= 0 < 2.31-7 | 2.31-7 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.5 | 2.27-3ubuntu1.5 |
| gnu | glibc | >= 0 < 2.31-0ubuntu9.7 | 2.31-0ubuntu9.7 |
| gnu | glibc | 2.30 – 2.32 | |
| netapp | e-series_santricity_os_controller | 11.0.0 – 11.60.3 | |

CVSS provenance

nvd: v3.1, 4.8 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
osv: 5.9 MEDIUM