The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
| Link | Tags |
|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=26224 | third party advisory issue tracking exploit |
| https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21 | patch third party advisory issue tracking |
| https://security.gentoo.org/glsa/202107-07 | third party advisory vendor advisory |
| https://www.oracle.com/security-alerts/cpujan2022.html | third party advisory patch |
| https://security.netapp.com/advisory/ntap-20210401-0006/ | third party advisory |
| https://www.oracle.com/security-alerts/cpuapr2022.html | third party advisory not applicable |
| https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html | third party advisory mailing list |