CVE-2012-6656 : iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-depen

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

Published 2014-12-05 16:59:00

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2012-6656

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
GNU » Glibc
Versions up to, including, (<=) 2.16
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.10
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-6656

EPSS FAQ

1.38%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-6656

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-6656

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-6656

https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=6e230d11837f3ae7b375ea69d7905f0d18eb79e5

sourceware.org Git
https://sourceware.org/bugzilla/show_bug.cgi?id=14134

14134 – (CVE-2012-6656) iconv() segfaults if the invalid multibyte character 0xffff is input when converting from IBM930 (CVE-2012-6656)
Exploit;Issue Tracking
https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5

sourceware.org Git - glibc.git/commit
Patch;Issue Tracking
https://security.gentoo.org/glsa/201503-04

GNU C Library: Multiple vulnerabilities (GLSA 201503-04) — Gentoo security

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2432-1

USN-2432-1: GNU C Library vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/69472

GNU glibc 'iconv()' Denial of Service Vulnerability
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.debian.org/security/2015/dsa-3142

Debian -- Security Information -- DSA-3142-1 eglibc
Third Party Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175

mandriva.com
Broken Link

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/09/02/1

oss-security - Re: CVE request: glibc character set conversion from IBM code pages
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/08/29/3

oss-security - CVE request: glibc character set conversion from IBM code pages
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-6656

Products affected by CVE-2012-6656

Exploit prediction scoring system (EPSS) score for CVE-2012-6656

CVSS scores for CVE-2012-6656

CWE ids for CVE-2012-6656

References for CVE-2012-6656