CVE-2016-10228

EPSS 0.53%
Published 02.03.2017 01:59:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Glibc Version <= 2.25

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.53%	0.663

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2022.html

http://openwall.com/lists/oss-security/2017/03/01/10

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/96525

https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html

https://security.gentoo.org/glsa/202101-20

https://sourceware.org/bugzilla/show_bug.cgi?id=19519

Issue Tracking

https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21

https://sourceware.org/bugzilla/show_bug.cgi?id=26224

https://nvd.nist.gov/vuln/detail/CVE-2016-10228

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10228

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10228

EUVD