vulnerability

Debian: CVE-2021-43396: glibc -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	11/04/2021	07/30/2024	07/30/2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

11/04/2021

Added

07/30/2024

Modified

07/30/2024

Description

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.

Solution

debian-upgrade-glibc

References

CVE-2021-43396
https://attackerkb.com/topics/CVE-2021-43396

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today