CVE-2021-3326Reachable Assertion in Glibc

CWE-617Reachable Assertion12 documents9 sources
Severity
7.5HIGHNVD
OSV5.9
EPSS
0.2%
top 61.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
GNU GlibcFujitsu M10-1 FirmwareFujitsu M10-4 Firmware+7 more
Timeline
PublishedJan 27
Latest updateOct 25

Description

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

Debiangnu/glibc< 2.31-10+3
Ubuntugnu/glibc< 2.27-3ubuntu1.5+2
NVDgnu/glibc2.32.0
NVDfujitsu/m10-1_firmware< xcp2410+1
NVDfujitsu/m10-4_firmware< xcp2410+1

Also affects: Debian Linux 10.0

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
OSV
glibc vulnerabilities2022-10-25
GHSA
GHSA-w279-vhxx-7qx8: The iconv function in the GNU C Library (aka glibc or libc6) 22022-05-24
OSV
glibc vulnerabilities2022-03-01
OSV
CVE-2021-3326: The iconv function in the GNU C Library (aka glibc or libc6) 22021-01-27
CVEList
CVE-2021-3326: The iconv function in the GNU C Library (aka glibc or libc6) 22021-01-27

📋Vendor Advisories

6
Ubuntu
GNU C Library vulnerabilities2022-10-25
Ubuntu
GNU C Library vulnerabilities2022-03-01
Oracle
Oracle Oracle Communications Risk Matrix: SEPP (glibc) — CVE-2021-33262022-01-15
Red Hat
glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters2021-01-27
Microsoft
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier when processing invalid input sequences in the ISO-2022-JP-3 encoding fails an assertion in the code path and aborts the p2021-01-12
CVE-2021-3326 — Reachable Assertion in GNU Glibc | cvebase