VulnerableCode Package Details - pkg:alpm/archlinux/glibc@2.32-5

Search for packages

Vulnerability	Summary	Fixed by
VCID-c3ax-wdga-aaam Aliases: CVE-2021-3326	The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.	2.33-1 Affected by 0 other vulnerabilities.
VCID-k9gp-cakq-aaak Aliases: CVE-2019-25013	The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.	2.33-1 Affected by 0 other vulnerabilities.
VCID-t33k-37qm-aaan Aliases: CVE-2020-29562	The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.	2.33-1 Affected by 0 other vulnerabilities.
VCID-tb83-ecmn-aaag Aliases: CVE-2020-29573	sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.	There are no reported fixed by versions.
VCID-zsrq-e5ww-aaaf Aliases: CVE-2020-27618	The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.	2.33-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-c3ax-wdga-aaam
Aliases:
CVE-2021-3326

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

2.33-1
Affected by 0 other vulnerabilities.

VCID-k9gp-cakq-aaak
Aliases:
CVE-2019-25013

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

2.33-1
Affected by 0 other vulnerabilities.

VCID-t33k-37qm-aaan
Aliases:
CVE-2020-29562

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

2.33-1
Affected by 0 other vulnerabilities.

VCID-tb83-ecmn-aaag
Aliases:
CVE-2020-29573

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

There are no reported fixed by versions.

VCID-zsrq-e5ww-aaaf
Aliases:
CVE-2020-27618

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

2.33-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-09-18T02:02:28.740163+00:00	Arch Linux Importer	Affected by	VCID-k9gp-cakq-aaak	https://security.archlinux.org/AVG-1320	34.0.1
2024-09-18T02:02:28.712731+00:00	Arch Linux Importer	Affected by	VCID-zsrq-e5ww-aaaf	https://security.archlinux.org/AVG-1320	34.0.1
2024-09-18T02:02:28.685502+00:00	Arch Linux Importer	Affected by	VCID-t33k-37qm-aaan	https://security.archlinux.org/AVG-1320	34.0.1
2024-09-18T02:02:28.657069+00:00	Arch Linux Importer	Affected by	VCID-c3ax-wdga-aaam	https://security.archlinux.org/AVG-1320	34.0.1
2024-09-18T02:02:06.158167+00:00	Arch Linux Importer	Affected by	VCID-tb83-ecmn-aaag	https://security.archlinux.org/AVG-1324	34.0.1
2024-06-15T20:59:56.684631+00:00	Arch Linux Importer	Affected by	VCID-k9gp-cakq-aaak	https://security.archlinux.org/AVG-1320	34.0.0rc4
2024-06-15T20:59:56.663051+00:00	Arch Linux Importer	Affected by	VCID-zsrq-e5ww-aaaf	https://security.archlinux.org/AVG-1320	34.0.0rc4
2024-06-15T20:59:56.641507+00:00	Arch Linux Importer	Affected by	VCID-t33k-37qm-aaan	https://security.archlinux.org/AVG-1320	34.0.0rc4
2024-06-15T20:59:56.619729+00:00	Arch Linux Importer	Affected by	VCID-c3ax-wdga-aaam	https://security.archlinux.org/AVG-1320	34.0.0rc4
2024-06-15T20:59:56.602456+00:00	Arch Linux Importer	Affected by	VCID-tb83-ecmn-aaag	https://security.archlinux.org/AVG-1324	34.0.0rc4