CVE-2021-43396
04.11.2021, 20:15
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.34 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 |
| oracle | communications_cloud_native_core_network_repository_function | 22.1.2 |
| oracle | communications_cloud_native_core_network_repository_function | 22.2.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.1 |
| oracle | communications_cloud_native_core_unified_data_repository | 22.2.0 |
| oracle | enterprise_operations_monitor | 4.3 |
| oracle | enterprise_operations_monitor | 4.4 |
| oracle | enterprise_operations_monitor | 5.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References