Oval Definition:	oval:org.opensuse.security:def:202143396
Revision Date: 2022-05-22 Version: 1 Title: CVE-2021-43396 Description: ** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug." Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2021-43396 SUSE CVE-2021-43396 Platform(s): SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP1 is installed OR SUSE Linux Enterprise Server 11 SP3 is installed OR SUSE Linux Enterprise Server 11 SP4 is installed AND Package Information glibc is not affected OR glibc.i686 is not affected Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP1 is installed OR SUSE Linux Enterprise Server 11 SP3 is installed AND Package Information glibc is not affected OR glibc.i686 is not affected Definition Synopsis Release Information SUSE OpenStack Cloud 8 is installed OR SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information glibc is not affected OR glibc-devel is not affected OR glibc-html is not affected OR glibc-i18ndata is not affected OR glibc-info is not affected OR glibc-locale is not affected OR glibc-profile is not affected OR nscd is not affected OR glibc-32bit is not affected OR glibc-devel-32bit is not affected OR glibc-locale-32bit is not affected OR glibc-profile-32bit is not affected
BACK