CVE-2026-4046

CWE-617: Reachable Assertion
10 documents, 8 sources
Severity
7.5 HIGH
EPSS
0.0%
top 85.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 30

Description

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: the_gnu_c_library/glibc 2.3.3*
NVD: gnu/glibc 2.43

Patches

🔴Vulnerability Details

3
CVEList
iconv crash due to assertion failure with untrusted input (2026-03-30)
GHSA
GHSA-g7c4-wv7q-gcc6: The iconv() function in the GNU C Library versions 2 (2026-03-30)
OSV
CVE-2026-4046: The iconv() function in the GNU C Library versions 2 (2026-03-30)

📋Vendor Advisories

2
Red Hat
glibc: glibc: Denial of Service via iconv() function with specific character sets (2026-03-30)
Debian
CVE-2026-4046: glibc - The iconv() function in the GNU C Library versions 2.43 and earlier may crash du... (2026)

🕵️Threat Intelligence

1
Wiz
CVE-2026-4046 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

3
Bugzilla
CVE-2026-4046 zig: glibc: Denial of Service via iconv() function with specific character sets [fedora-all] (2026-03-30)
Bugzilla
CVE-2026-4046 glibc: glibc: Denial of Service via iconv() function with specific character sets (2026-03-30)
Bugzilla
CVE-2026-4046 zig: glibc: Denial of Service via iconv() function with specific character sets [epel-all] (2026-03-30)