csaf_suse - suse-su-2024:0759-1

suse-su-2024:0759-1

Vulnerability from csaf_suse

Published

2024-03-05 10:25

Modified

2024-03-05 10:25

Summary

Security update for glibc

Notes

Title of the patch

Security update for glibc

Description of the patch

This update for glibc fixes the following issues: Security issues fixed: - CVE-2020-29573: x86: printf was hardened against non-normal long double values (bsc#1179721, BZ #26649) - CVE-2021-3326: Fix assertion failure in gconv ISO-2022-JP-3 module (bsc#1181505, BZ #27256) - CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module (bsc#1182117, BZ #24973) - CVE-2020-27618: Accept redundant shift sequences in IBM1364 iconv (bsc#1178386, BZ #26224) - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds in iconv (bsc#1179694, BZ #26923) - Schedule nscd cache pruning more accurately from re-added values (bsc#1018158)

Patchnames

SUSE-2024-759,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-759

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for glibc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for glibc fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-29573: x86: printf was hardened against non-normal long double values (bsc#1179721, BZ #26649)\n- CVE-2021-3326: Fix assertion failure in gconv ISO-2022-JP-3 module (bsc#1181505, BZ #27256)\n- CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module (bsc#1182117, BZ #24973)\n- CVE-2020-27618: Accept redundant shift sequences in IBM1364 iconv (bsc#1178386, BZ #26224)\n- CVE-2020-29562: Fix incorrect UCS4 inner loop bounds in iconv (bsc#1179694, BZ #26923)\n\n- Schedule nscd cache pruning more accurately from re-added values (bsc#1018158)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-759,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-759",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0759-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:0759-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240759-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:0759-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018088.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1018158",
        "url": "https://bugzilla.suse.com/1018158"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178386",
        "url": "https://bugzilla.suse.com/1178386"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179694",
        "url": "https://bugzilla.suse.com/1179694"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179721",
        "url": "https://bugzilla.suse.com/1179721"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181505",
        "url": "https://bugzilla.suse.com/1181505"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182117",
        "url": "https://bugzilla.suse.com/1182117"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-25013 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-25013/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27618 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27618/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29562 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29562/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29573 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3326 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3326/"
      }
    ],
    "title": "Security update for glibc",
    "tracking": {
      "current_release_date": "2024-03-05T10:25:27Z",
      "generator": {
        "date": "2024-03-05T10:25:27Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:0759-1",
      "initial_release_date": "2024-03-05T10:25:27Z",
      "revision_history": [
        {
          "date": "2024-03-05T10:25:27Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glibc-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-32bit-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-32bit-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-32bit-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-devel-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-devel-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-devel-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-devel-32bit-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-html-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-html-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-html-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-i18ndata-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-info-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-info-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-info-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-locale-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-locale-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-locale-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-locale-32bit-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-profile-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-profile-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-profile-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
                  "product_id": "glibc-profile-32bit-2.11.3-17.110.43.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nscd-2.11.3-17.110.43.1.x86_64",
                "product": {
                  "name": "nscd-2.11.3-17.110.43.1.x86_64",
                  "product_id": "nscd-2.11.3-17.110.43.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles_ltss-extreme-core:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-32bit-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-32bit-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-devel-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-devel-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-devel-32bit-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-html-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-html-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-i18ndata-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-info-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-info-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-locale-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-locale-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-locale-32bit-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-profile-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-profile-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glibc-profile-32bit-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nscd-2.11.3-17.110.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
          "product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
        },
        "product_reference": "nscd-2.11.3-17.110.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-25013",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-25013"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-25013",
          "url": "https://www.suse.com/security/cve/CVE-2019-25013"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182117 for CVE-2019-25013",
          "url": "https://bugzilla.suse.com/1182117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220988 for CVE-2019-25013",
          "url": "https://bugzilla.suse.com/1220988"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-05T10:25:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-25013"
    },
    {
      "cve": "CVE-2020-27618",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27618"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27618",
          "url": "https://www.suse.com/security/cve/CVE-2020-27618"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178386 for CVE-2020-27618",
          "url": "https://bugzilla.suse.com/1178386"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220988 for CVE-2020-27618",
          "url": "https://bugzilla.suse.com/1220988"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-05T10:25:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-27618"
    },
    {
      "cve": "CVE-2020-29562",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29562"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29562",
          "url": "https://www.suse.com/security/cve/CVE-2020-29562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179694 for CVE-2020-29562",
          "url": "https://bugzilla.suse.com/1179694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220988 for CVE-2020-29562",
          "url": "https://bugzilla.suse.com/1220988"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-05T10:25:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-29562"
    },
    {
      "cve": "CVE-2020-29573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29573",
          "url": "https://www.suse.com/security/cve/CVE-2020-29573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179721 for CVE-2020-29573",
          "url": "https://bugzilla.suse.com/1179721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220988 for CVE-2020-29573",
          "url": "https://bugzilla.suse.com/1220988"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-05T10:25:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-29573"
    },
    {
      "cve": "CVE-2021-3326",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3326"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3326",
          "url": "https://www.suse.com/security/cve/CVE-2021-3326"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181505 for CVE-2021-3326",
          "url": "https://bugzilla.suse.com/1181505"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212283 for CVE-2021-3326",
          "url": "https://bugzilla.suse.com/1212283"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220988 for CVE-2021-3326",
          "url": "https://bugzilla.suse.com/1220988"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-03-05T10:25:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3326"
    }
  ]
}

CVE-2020-29562 (GCVE-0-2020-29562)

Vulnerability from cvelistv5

Published

2020-12-04 06:48

Modified

2025-06-09 15:14

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE

Summary

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

References

►

URL

Tags

	https://sourceware.org/bugzilla/show_bug.cgi?id=26923	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/	vendor-advisory, x_refsource_FEDORA
	https://security.netapp.com/advisory/ntap-20210122-0004/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202101-20	vendor-advisory, x_refsource_GENTOO
	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:10.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26923"
          },
          {
            "name": "FEDORA-2021-6e581c051a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210122-0004/"
          },
          {
            "name": "GLSA-202101-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-20"
          },
          {
            "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 4.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-29562",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:13:36.629969Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-617",
                "description": "CWE-617 Reachable Assertion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:14:25.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-25T16:06:18.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26923"
        },
        {
          "name": "FEDORA-2021-6e581c051a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210122-0004/"
        },
        {
          "name": "GLSA-202101-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-20"
        },
        {
          "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29562",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26923",
              "refsource": "MISC",
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26923"
            },
            {
              "name": "FEDORA-2021-6e581c051a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210122-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210122-0004/"
            },
            {
              "name": "GLSA-202101-20",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-20"
            },
            {
              "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-29562",
    "datePublished": "2020-12-04T06:48:23.000Z",
    "dateReserved": "2020-12-04T00:00:00.000Z",
    "dateUpdated": "2025-06-09T15:14:25.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3326 (GCVE-0-2021-3326)

Vulnerability from cvelistv5

Published

2021-01-27 00:00

Modified

2025-06-09 15:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

References

►

URL

Tags

	https://sourceware.org/bugzilla/show_bug.cgi?id=27256
	https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888
	http://www.openwall.com/lists/oss-security/2021/01/28/2	mailing-list
	https://security.gentoo.org/glsa/202107-07	vendor-advisory
	https://www.oracle.com/security-alerts/cpujan2022.html
	https://security.netapp.com/advisory/ntap-20210304-0007/
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27256"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888"
          },
          {
            "name": "[oss-security] 20210128 Re: glibc iconv crash with ISO-2022-JP-3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/28/2"
          },
          {
            "name": "GLSA-202107-07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210304-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-3326",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:17:18.701250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-617",
                "description": "CWE-617 Reachable Assertion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:18:04.653Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-17T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27256"
        },
        {
          "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888"
        },
        {
          "name": "[oss-security] 20210128 Re: glibc iconv crash with ISO-2022-JP-3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/28/2"
        },
        {
          "name": "GLSA-202107-07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-07"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210304-0007/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-3326",
    "datePublished": "2021-01-27T00:00:00.000Z",
    "dateReserved": "2021-01-27T00:00:00.000Z",
    "dateUpdated": "2025-06-09T15:18:04.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-29573 (GCVE-0-2020-29573)

Vulnerability from cvelistv5

Published

2020-12-05 23:18

Modified

2024-08-04 16:55

Severity ?

CWE

Summary

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

References

►

URL

Tags

	https://sourceware.org/bugzilla/show_bug.cgi?id=26649	x_refsource_MISC
	https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20210122-0004/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202101-20	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:10.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26649"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210122-0004/"
          },
          {
            "name": "GLSA-202101-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26649"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210122-0004/"
        },
        {
          "name": "GLSA-202101-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-20"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29573",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26649",
              "refsource": "MISC",
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26649"
            },
            {
              "name": "https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html",
              "refsource": "MISC",
              "url": "https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210122-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210122-0004/"
            },
            {
              "name": "GLSA-202101-20",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-20"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-29573",
    "datePublished": "2020-12-05T23:18:58",
    "dateReserved": "2020-12-05T00:00:00",
    "dateUpdated": "2024-08-04T16:55:10.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-25013 (GCVE-0-2019-25013)

Vulnerability from cvelistv5

Published

2021-01-04 00:00

Modified

2025-06-09 15:16

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

References

►

URL

Tags

	https://sourceware.org/bugzilla/show_bug.cgi?id=24973
	https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/	vendor-advisory
	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E	mailing-list
	https://security.gentoo.org/glsa/202107-07	vendor-advisory
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://security.netapp.com/advisory/ntap-20210205-0004/
	https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:18.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b"
          },
          {
            "name": "FEDORA-2021-6feb090c97",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/"
          },
          {
            "name": "FEDORA-2021-6e581c051a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/"
          },
          {
            "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "GLSA-202107-07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0004/"
          },
          {
            "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-25013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:16:13.087398Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:16:54.357Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-17T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973"
        },
        {
          "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b"
        },
        {
          "name": "FEDORA-2021-6feb090c97",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/"
        },
        {
          "name": "FEDORA-2021-6e581c051a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/"
        },
        {
          "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "GLSA-202107-07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-07"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210205-0004/"
        },
        {
          "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-25013",
    "datePublished": "2021-01-04T00:00:00.000Z",
    "dateReserved": "2021-01-04T00:00:00.000Z",
    "dateUpdated": "2025-06-09T15:16:54.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27618 (GCVE-0-2020-27618)

Vulnerability from cvelistv5

Published

2021-02-26 00:00

Modified

2025-06-09 15:15

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

References

►

URL

Tags

	https://sourceware.org/bugzilla/show_bug.cgi?id=26224
	https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
	https://security.gentoo.org/glsa/202107-07	vendor-advisory
	https://www.oracle.com/security-alerts/cpujan2022.html
	https://security.netapp.com/advisory/ntap-20210401-0006/
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:18:45.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21"
          },
          {
            "name": "GLSA-202107-07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210401-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-27618",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:14:58.724788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-835",
                "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:15:47.186Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-17T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        },
        {
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21"
        },
        {
          "name": "GLSA-202107-07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-07"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210401-0006/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-27618",
    "datePublished": "2021-02-26T00:00:00.000Z",
    "dateReserved": "2020-10-22T00:00:00.000Z",
    "dateUpdated": "2025-06-09T15:15:47.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2024:0759-1

Vulnerability from csaf_suse

CVE-2020-29562 (GCVE-0-2020-29562)

Vulnerability from cvelistv5

CVE-2021-3326 (GCVE-0-2021-3326)

Vulnerability from cvelistv5

CVE-2020-29573 (GCVE-0-2020-29573)

Vulnerability from cvelistv5

CVE-2019-25013 (GCVE-0-2019-25013)

Vulnerability from cvelistv5

CVE-2020-27618 (GCVE-0-2020-27618)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature