CVE-2026-4046

Exploit

EPSS 0.07%
Veröffentlicht 30.03.2026 17:16:11
Zuletzt bearbeitet 20.04.2026 22:16:23
Quelle 3ff69d7a-14f2-4f67-a097-88dee7
CVE-Watchlists
Login
Unerledigt
Login

iconv crash due to assertion failure with untrusted input

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.



This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Glibc Version <= 2.43

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.199

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://sourceware.org/bugzilla/show_bug.cgi?id=33980

Patch

Exploit

Issue Tracking

https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD

Third Party Advisory

https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u

https://nvd.nist.gov/vuln/detail/CVE-2026-4046

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4046

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4046

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-4046