Updated: 2025-08-20 02:32:48.968431
Description:
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
Links: NIST, CIRCL, RHEL, Ubuntu

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | LOW | 2.1 |
| CVSS Version 3.x | MEDIUM | 5.5 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | glibc | 2.12 | 5.5 | MEDIUM | Ignored | | 2024-05-06 21:57:45 | Ignored due to low severity |
| CentOS 8.4 ELS | glibc | 2.28 | 5.5 | MEDIUM | Already Fixed | | 2023-11-07 03:51:20 | |
| CentOS 8.5 ELS | glibc | 2.28 | 5.5 | MEDIUM | Already Fixed | | 2023-11-07 03:51:20 | |
| CloudLinux 6 ELS | glibc | 2.12 | 5.5 | MEDIUM | Ignored | | 2024-05-06 21:57:44 | Ignored due to low severity |
| Oracle Linux 6 ELS | glibc | 2.12 | 5.5 | MEDIUM | Ignored | | 2024-05-06 21:57:45 | Ignored due to low severity |
| Ubuntu 16.04 ELS | glibc | 2.23-0 | 5.5 | MEDIUM | Released | CLSA-2022:1671481209 | 2022-12-19 16:03:10 | |