CVE-2020-27618

Published: 2/26/2021 Last updated: 6/9/2025 Reserved: 10/22/2020

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.5	Medium	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

gettext-stub

Products affected (1)

Product	Vendor	Version
n/a	n/a	QCS7230

References (14)

https://sourceware.org/bugzilla/show_bug.cgi?id=26224
https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
https://security.gentoo.org/glsa/202107-07
https://www.oracle.com/security-alerts/cpujan2022.html
https://security.netapp.com/advisory/ntap-20210401-0006/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
https://sourceware.org/bugzilla/show_bug.cgi?id=26224
https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
https://security.gentoo.org/glsa/202107-07
https://www.oracle.com/security-alerts/cpujan2022.html
https://security.netapp.com/advisory/ntap-20210401-0006/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html