Vulnerability Name:

CVE-2020-29562 (CCN-192678)

Assigned:2020-11-19
Published:2020-11-19
Updated:2021-03-19
Summary:The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVSS v3 Severity:4.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)
4.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-617
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-29562

Source: XF
Type: UNKNOWN
gnu-cve202029562-dos(192678)

Source: MLIST
Type: Mailing List, Third Party Advisory
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-6e581c051a

Source: GENTOO
Type: Third Party Advisory
GLSA-202101-20

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0004/

Source: CCN
Type: Sourceware Bugzilla - Bug 26923
Assertion failure in iconv when converting invalid UCS4

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=26923

Source: CCN
Type: GNU Web site
The GNU C Library (glibc)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:glibc:*:*:*:*:*:*:*:* (Version >= 2.30 and <= 2.32)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.60.3)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8010
    P
    		glibc-devel-32bit-2.31-150300.46.1 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7510
    P
    		glibc-2.31-150300.46.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:93158
    P
    		 (Important)
    2022-07-14
    oval:org.opensuse.security:def:93311
    P
    		 (Important)
    2022-07-08
    oval:org.opensuse.security:def:3568
    P
    		libXv1-1.0.10-7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3385
    P
    		tpm2.0-tools-3.1.4-1.12 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94946
    P
    		libical-devel-3.0.10-150400.1.8 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2935
    P
    		glibc-2.31-150300.20.7 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94565
    P
    		glibc-2.31-150300.20.7 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94680
    P
    		libp11-kit0-0.23.22-150400.1.10 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95015
    P
    		glibc-devel-32bit-2.31-150300.20.7 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:68
    P
    		glibc-2.31-7.30 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:101659
    P
    		Security update for python-libxml2-python (Important)
    2022-03-10
    oval:org.opensuse.security:def:99203
    P
    		 (Important)
    2022-01-25
    oval:org.opensuse.security:def:112305
    P
    		glibc-2.34-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:997
    P
    		Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (Important)
    2022-01-10
    oval:org.opensuse.security:def:4537
    P
    		Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5) (Important)
    2021-12-14
    oval:org.opensuse.security:def:102214
    P
    		Security update for util-linux (Moderate)
    2021-10-20
    oval:org.opensuse.security:def:105828
    P
    		glibc-2.34-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:101393
    P
    		python3-virt-bootstrap-1.0.0-5.3.124 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:71827
    P
    		glibc-2.31-7.30 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100844
    P
    		glibc-2.31-7.30 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72727
    P
    		glibc-devel-32bit-2.31-7.20 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101266
    P
    		glibc-devel-32bit-2.31-7.20 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62086
    P
    		glibc-2.31-7.30 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:1919
    P
    		glibc-devel-32bit-2.31-7.20 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63008
    P
    		glibc-devel-32bit-2.31-7.20 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:99398
    P
    		 (Moderate)
    2021-07-20
    oval:org.opensuse.security:def:125515
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:23882
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:59713
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:89110
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:34404
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:5014
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:126686
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:26027
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:60227
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:89368
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:51870
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:88099
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:127083
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:33632
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:59455
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:88411
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:33890
    P
    		Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:111242
    P
    		Security update for glibc (Important)
    2021-02-27
    oval:org.opensuse.security:def:9648
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:92448
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:69594
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:97247
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:100108
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:8897
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:70538
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:108059
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:64657
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:76110
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:9847
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:95501
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:92647
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:69788
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:9092
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:92058
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:117573
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:108325
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:65626
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:99597
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:10208
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:5953
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:92846
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:69987
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:73779
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:99008
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:9454
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:92253
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:117839
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:108880
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:67042
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:99796
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:10398
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:8707
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:93005
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:70348
    P
    		Security update for glibc (Important)
    2021-02-26
    oval:org.opensuse.security:def:74694
    P
    		Security update for glibc (Important)
    2021-02-26
    BACK
    gnu glibc *
    fedoraproject fedora 32
    netapp e-series santricity os controller *