SB2023022881 - SUSE update for glibc 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023022881

SB2023022881 - SUSE update for glibc

Published: February 28, 2023

Security Bulletin ID SB2023022881
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 80% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2019-25013)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in GNU C Library within the iconv feature when processing multi-byte input sequences in the EUC-KR encoding. A remote attacker can pass specially crafted input to the application, trigger out-of-bounds read error and perform a denial of service (DoS) attack.


2) Infinite loop (CVE-ID: CVE-2020-27618)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within iconv implementation when processing multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings. A remote attacker can pass specially crafted data to the application, consume all available system resources and cause denial of service conditions.


3) Reachable Assertion (CVE-ID: CVE-2020-29562)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when converting UCS4 text containing an irreversible character in the iconv function in the GNU C Library (aka glibc or libc6). A remote attacker can pass specially crafted data to the library, trigger an assertion failure and preform a denial of service attack.


4) Out-of-bounds write (CVE-ID: CVE-2020-29573)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary within the sysdeps/i386/ldbl2mpn.c in the GNU C Library on x86  systems. A remote attacker can pass specially crafted data to the application that uses the vulnerable version of glibc and crash it.


5) Reachable Assertion (CVE-ID: CVE-2021-3326)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the iconv function in the GNU C Library (aka glibc or libc6) when processing invalid input sequences in the ISO-2022-JP-3 encoding. A remote attacker can pass specially crafted data to the application, trigger an assertion failure and crash the affected application.


Remediation

Install update from vendor's website.

References