CVE-2020-29562

Published: 12/4/2020 Last updated: 6/9/2025 Reserved: 12/4/2020

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.8	Medium	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (1)

gettext-stub

Products affected (1)

Product	Vendor	Version
n/a	n/a	Fixed in version 5.0.02.16

References (10)

https://sourceware.org/bugzilla/show_bug.cgi?id=26923
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/
https://security.netapp.com/advisory/ntap-20210122-0004/
https://security.gentoo.org/glsa/202101-20
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/
https://security.netapp.com/advisory/ntap-20210122-0004/
https://security.gentoo.org/glsa/202101-20
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E