Vulnerability Details : CVE-2012-6656
Potential exploit
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.
Vulnerability category: Denial of service
Products affected by CVE-2012-6656
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-6656
- Probability of exploitation activity in the next 30 days: 1.38%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~79%
CVSS scores for CVE-2012-6656
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-6656
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6656
- https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
  sourceware.org Git
- https://sourceware.org/bugzilla/show_bug.cgi?id=14134
  14134 – (CVE-2012-6656) iconv() segfaults if the invalid multibyte character 0xffff is input when converting from IBM930 (CVE-2012-6656) [Exploit; Issue Tracking]
- https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
  sourceware.org Git - glibc.git/commit [Patch; Issue Tracking]
- https://security.gentoo.org/glsa/201503-04
  GNU C Library: Multiple vulnerabilities (GLSA 201503-04) — Gentoo security
- http://www.ubuntu.com/usn/USN-2432-1
  USN-2432-1: GNU C Library vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.securityfocus.com/bid/69472
  GNU glibc 'iconv()' Denial of Service Vulnerability [Third Party Advisory; VDB Entry]
- http://www.debian.org/security/2015/dsa-3142
  Debian -- Security Information -- DSA-3142-1 eglibc [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
  mandriva.com [Broken Link]
- http://www.openwall.com/lists/oss-security/2014/09/02/1
  oss-security - Re: CVE request: glibc character set conversion from IBM code pages [Mailing List; Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2014/08/29/3
  oss-security - CVE request: glibc character set conversion from IBM code pages [Mailing List; Third Party Advisory]