CVE-2020-29562 — Reachable Assertion in Glibc

CWE-617 — Reachable Assertion CWE-20 — Improper Input Validation8 documents7 sources

Severity

4.8MEDIUMNVD

OSV5.9

EPSS

0.1%

top 83.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Netapp E-series Santricity OS Controller Fedoraproject Fedora

Timeline

PublishedDec 4

Latest updateMay 24

Description

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

▶Debiangnu/glibc< 2.31-7+3

▶Ubuntugnu/glibc< 2.27-3ubuntu1.5+1

▶NVDgnu/glibc2.30 — 2.32

▶NVDnetapp/e-series_santricity_os_controller11.0.0 — 11.60.3

Also affects: Fedora 32

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-9xm7-qxg2-g5p4: The iconv function in the GNU C Library (aka glibc or libc6) 2↗2022-05-24

▶

OSV

glibc vulnerabilities↗2022-03-01

▶

CVEList

CVE-2020-29562: The iconv function in the GNU C Library (aka glibc or libc6) 2↗2020-12-04

▶

OSV

CVE-2020-29562: The iconv function in the GNU C Library (aka glibc or libc6) 2↗2020-12-04

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2022-03-01

▶

Red Hat

glibc: assertion failure in iconv when converting invalid UCS4↗2020-11-19

▶

Debian

CVE-2020-29562: glibc - The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when ...↗2020

▶