CVE-2014-6040

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
gnuglibc
𝑥
≤ 2.19
gnuglibc
2.0
gnuglibc
2.0.1
gnuglibc
2.0.2
gnuglibc
2.0.3
gnuglibc
2.0.4
gnuglibc
2.0.5
gnuglibc
2.0.6
gnuglibc
2.1
gnuglibc
2.1.1
gnuglibc
2.1.1.6
gnuglibc
2.1.2
gnuglibc
2.1.3
gnuglibc
2.1.9
gnuglibc
2.10.1
gnuglibc
2.11
gnuglibc
2.11.1
gnuglibc
2.11.2
gnuglibc
2.11.3
gnuglibc
2.12
gnuglibc
2.12.1
gnuglibc
2.12.2
gnuglibc
2.13
gnuglibc
2.14
gnuglibc
2.14.1
gnuglibc
2.15
gnuglibc
2.16
gnuglibc
2.17
gnuglibc
2.18
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
wheezy
no-dsa
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
utopic
dne
trusty
Fixed 2.19-0ubuntu6.4
released
precise
Fixed 2.15-0ubuntu10.9
released
lucid
Fixed 2.11.1-0ubuntu7.19
released
glibc
utopic
Fixed 2.19-10ubuntu2.1
released
trusty
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://linux.oracle.com/errata/ELSA-2015-0016.html
http://secunia.com/advisories/62100
http://secunia.com/advisories/62146
http://ubuntu.com/usn/usn-2432-1
http://www.debian.org/security/2015/dsa-3142
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
http://www.openwall.com/lists/oss-security/2014/08/29/3
http://www.openwall.com/lists/oss-security/2014/09/02/1
http://www.securityfocus.com/bid/69472
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/bugzilla/show_bug.cgi?id=17325
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6
http://linux.oracle.com/errata/ELSA-2015-0016.html
http://secunia.com/advisories/62100
http://secunia.com/advisories/62146
http://ubuntu.com/usn/usn-2432-1
http://www.debian.org/security/2015/dsa-3142
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
http://www.openwall.com/lists/oss-security/2014/08/29/3
http://www.openwall.com/lists/oss-security/2014/09/02/1
http://www.securityfocus.com/bid/69472
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/bugzilla/show_bug.cgi?id=17325
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6