Vulnerability Name:

CVE-2012-6656 (CCN-99154)

Assigned:2014-08-29
Published:2014-08-29
Updated:2017-07-01
Summary:iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2012-6656

Source: DEBIAN
Type: Third Party Advisory
DSA-3142

Source: CCN
Type: GNU C Library Web site
The GNU C Library

Source: MANDRIVA
Type: Broken Link
MDVSA-2014:175

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages

Source: BID
Type: Third Party Advisory, VDB Entry
69472

Source: CCN
Type: BID-69472
GNU glibc 'iconv()' Denial of Service Vulnerability

Source: UBUNTU
Type: Third Party Advisory
USN-2432-1

Source: XF
Type: UNKNOWN
glibc-cve20126656-dos(99154)

Source: GENTOO
Type: UNKNOWN
GLSA-201503-04

Source: CONFIRM
Type: Exploit, Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=14134

Source: CONFIRM
Type: Issue Tracking, Patch
https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2012-6656

Vulnerable Configuration:Configuration 1:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:gnu:glibc:*:*:*:*:*:*:*:* (Version <= 2.16)

    • Configuration CCN 1:
  • cpe:/a:gnu:glibc:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20126656
    V
    		CVE-2012-6656
    2022-05-20
    oval:org.opensuse.security:def:33060
    P
    		Security update for MozillaFirefox (Important)
    2021-12-12
    oval:org.opensuse.security:def:26167
    P
    		Security update for php72 (Moderate)
    2021-11-19
    oval:org.opensuse.security:def:32212
    P
    		Security update for binutils (Moderate)
    2021-11-02
    oval:org.opensuse.security:def:31688
    P
    		Security update for python-urllib3 (Moderate)
    2021-09-29
    oval:org.opensuse.security:def:42543
    P
    		glibc-2.11.3-17.84.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36136
    P
    		glibc-2.11.3-17.84.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36414
    P
    		glibc-html-2.11.3-17.84.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31614
    P
    		Security update for java-1_7_0-openjdk (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:26039
    P
    		Security update for libnettle (Important)
    2021-04-28
    oval:org.opensuse.security:def:26027
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:31603
    P
    		Security update for fwupdate (Important)
    2021-04-08
    oval:org.opensuse.security:def:33099
    P
    		Security update for python36 (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:32268
    P
    		Security update for openldap2 (Important)
    2021-03-03
    oval:org.opensuse.security:def:26111
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:25975
    P
    		Security update for openssl-1_0_0 (Important)
    2020-12-09
    oval:org.opensuse.security:def:25970
    P
    		Security update for gdm (Important)
    2020-12-03
    oval:org.opensuse.security:def:31820
    P
    		Security update for augeas (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27412
    P
    		glibc-html on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26461
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:25685
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32317
    P
    		Security update for rsync (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26540
    P
    		enscript on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27377
    P
    		boost-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25964
    P
    		Security update for libraw (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26417
    P
    		Security update for Mozilla Thunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26389
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:26739
    P
    		libapr1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25963
    P
    		Security update for ImageMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:26403
    P
    		Security update for ffmpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26305
    P
    		Security update for python-setuptools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25889
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26695
    P
    		fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26364
    P
    		Security update for irssi (Low)
    2020-12-01
    oval:org.opensuse.security:def:32056
    P
    		Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:26248
    P
    		Security update for freerdp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25761
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32422
    P
    		Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31602
    P
    		Security update for tomcat6
    2020-12-01
    oval:org.opensuse.security:def:26681
    P
    		curl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26315
    P
    		Security update for MozillaThunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31969
    P
    		Security update for ipsec-tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27134
    P
    		glibc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25697
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32378
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26642
    P
    		sysstat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26262
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31912
    P
    		Security update for gcc43 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27099
    P
    		coreutils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25686
    P
    		Security update for wicked (Important)
    2020-12-01
    oval:org.opensuse.security:def:32356
    P
    		Security update for squid3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26593
    P
    		libnetpbm10 on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:28047
    P
    		USN-2432-1 -- GNU C Library vulnerabilities
    2015-03-09
    oval:org.mitre.oval:def:28528
    P
    		DSA-3142-1 -- eglibc -- security update
    2015-03-09
    oval:com.ubuntu.precise:def:20126656000
    V
    		CVE-2012-6656 on Ubuntu 12.04 LTS (precise) - low.
    2014-12-05
    oval:com.ubuntu.trusty:def:20126656000
    V
    		CVE-2012-6656 on Ubuntu 14.04 LTS (trusty) - low.
    2014-12-05
    oval:org.mitre.oval:def:25924
    P
    		SUSE-SU-2014:1129-1 -- Security update for glibc
    2014-11-10
    oval:org.mitre.oval:def:26817
    P
    		SUSE-SU-2014:1128-1 -- Security update for glibc
    2014-11-10
    BACK
    debian debian linux 7.0
    canonical ubuntu linux 10.04
    canonical ubuntu linux 12.04
    canonical ubuntu linux 14.04
    canonical ubuntu linux 14.10
    gnu glibc *
    gnu glibc -