CVE-2021-3326: The iconv app in glibc when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion & aborts
Bug #1929105 reported by
bhs
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GLibC |
Fix Released
|
Medium
|
|||
glibc (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Bionic |
Fix Released
|
Low
|
Unassigned | ||
Focal |
Fix Released
|
Low
|
Unassigned | ||
Groovy |
Won't Fix
|
Low
|
Unassigned |
Bug Description
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE References
information type: | Private Security → Public Security |
Changed in glibc: | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
To post a comment you must log in.
Tavis Ormandy reported that when converting from ISO-2022-JP-3 to UTF-8, the gconv module could trigger an assertion failure in iconv/skeleton.c if the second wide character in a two-wide-character sequence cannot be written to the output buffer during character set conversion.
If glibc is built with assertions, this assertion failure can typically be triggered by applications (such as mail clients) which use the glibc iconv subsystem for MIME character set processing.