Vulnerability Description
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | >= 2.30, <= 2.32 |
| Fedoraproject | Fedora | 32 |
| Netapp | E-Series Santricity Os Controller | >= 11.0.0, <= 11.60.3 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202101-20Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210122-0004/Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=26923ExploitIssue TrackingPatch
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202101-20Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210122-0004/Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=26923ExploitIssue TrackingPatch
FAQ
What is CVE-2020-29562?
CVE-2020-29562 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, p...
How severe is CVE-2020-29562?
CVE-2020-29562 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-29562?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Fedoraproject Fedora, Netapp E-Series Santricity Os Controller.