CVE-2014-6040

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
gnuglibc
𝑥
≤ 2.19
gnuglibc
2.0
gnuglibc
2.0.1
gnuglibc
2.0.2
gnuglibc
2.0.3
gnuglibc
2.0.4
gnuglibc
2.0.5
gnuglibc
2.0.6
gnuglibc
2.1
gnuglibc
2.1.1
gnuglibc
2.1.1.6
gnuglibc
2.1.2
gnuglibc
2.1.3
gnuglibc
2.1.9
gnuglibc
2.10.1
gnuglibc
2.11
gnuglibc
2.11.1
gnuglibc
2.11.2
gnuglibc
2.11.3
gnuglibc
2.12
gnuglibc
2.12.1
gnuglibc
2.12.2
gnuglibc
2.13
gnuglibc
2.14
gnuglibc
2.14.1
gnuglibc
2.15
gnuglibc
2.16
gnuglibc
2.17
gnuglibc
2.18
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
lucid
Fixed 2.11.1-0ubuntu7.19
released
precise
Fixed 2.15-0ubuntu10.9
released
trusty
Fixed 2.19-0ubuntu6.4
released
utopic
dne
glibc
lucid
dne
precise
dne
trusty
dne
utopic
Fixed 2.19-10ubuntu2.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
glibc
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-32bit
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise desktop 15 SP2
2.26-8.21
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15 SP2
2.26-8.21
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15 SP2
2.26-8.21
fixed
glibc-devel
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-devel-32bit
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-8.21
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-8.21
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-8.21
fixed
glibc-devel-static
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-extra
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-html
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
glibc-i18ndata
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-info
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-locale
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-locale-32bit
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-8.21
fixed
suse enterprise desktop 15 SP2
2.26-8.21
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-8.21
fixed
suse enterprise sap 15 SP2
2.26-8.21
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-8.21
fixed
suse enterprise server 15 SP2
2.26-8.21
fixed
glibc-locale-base
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-profile
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
glibc-profile-32bit
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
glibc-utils
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
nscd
suse enterprise desktop 15
2.26-11.8
fixed
suse enterprise desktop 15 SP1
2.26-13.19.1
fixed
suse enterprise sap 12 SP5
2.22-100.15.4
fixed
suse enterprise sap 15
2.26-11.8
fixed
suse enterprise sap 15 SP1
2.26-13.19.1
fixed
suse enterprise server 12 SP5
2.22-100.15.4
fixed
suse enterprise server 15
2.26-11.8
fixed
suse enterprise server 15 SP1
2.26-13.19.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
glibc
RHEL 6
0:2.12-1.149.el6_6.4
fixed
RHEL 7
0:2.17-78.el7
fixed
glibc-common
RHEL 6
0:2.12-1.149.el6_6.4
fixed
RHEL 7
0:2.17-78.el7
fixed
glibc-devel
RHEL 6
0:2.12-1.149.el6_6.4
fixed
RHEL 7
0:2.17-78.el7
fixed
glibc-headers
RHEL 6
0:2.12-1.149.el6_6.4
fixed
RHEL 7
0:2.17-78.el7
fixed
glibc-static
RHEL 6
0:2.12-1.149.el6_6.4
fixed
RHEL 7
0:2.17-78.el7
fixed
glibc-utils
RHEL 6
0:2.12-1.149.el6_6.4
fixed
RHEL 7
0:2.17-78.el7
fixed
nscd
RHEL 6
0:2.12-1.149.el6_6.4
fixed
RHEL 7
0:2.17-78.el7
fixed
Common Weakness Enumeration
References
http://linux.oracle.com/errata/ELSA-2015-0016.html
http://secunia.com/advisories/62100
http://secunia.com/advisories/62146
http://ubuntu.com/usn/usn-2432-1
http://www.debian.org/security/2015/dsa-3142
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
http://www.openwall.com/lists/oss-security/2014/08/29/3
http://www.openwall.com/lists/oss-security/2014/09/02/1
http://www.securityfocus.com/bid/69472
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/bugzilla/show_bug.cgi?id=17325
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6
http://linux.oracle.com/errata/ELSA-2015-0016.html
http://secunia.com/advisories/62100
http://secunia.com/advisories/62146
http://ubuntu.com/usn/usn-2432-1
http://www.debian.org/security/2015/dsa-3142
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
http://www.openwall.com/lists/oss-security/2014/08/29/3
http://www.openwall.com/lists/oss-security/2014/09/02/1
http://www.securityfocus.com/bid/69472
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/bugzilla/show_bug.cgi?id=17325
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6