CVE-2016-10228

EPSS 0.53%
Veröffentlicht 02.03.2017 01:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Glibc Version <= 2.25

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.663

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2022.html

http://openwall.com/lists/oss-security/2017/03/01/10

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/96525

https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html

https://security.gentoo.org/glsa/202101-20

https://sourceware.org/bugzilla/show_bug.cgi?id=19519

Issue Tracking

https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21

https://sourceware.org/bugzilla/show_bug.cgi?id=26224

https://nvd.nist.gov/vuln/detail/CVE-2016-10228

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10228

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10228

EUVD