CVE-2016-10228
Published: 02 March 2017
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
Priority
Negligible
CVSS 3 base score: 5.9
Status
| Package | Release | Status |
|---|---|---|
|
eglibc Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
|
glibc Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needed
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needed
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=91927b7c76437db860cd86a7714476b56bb39d07 |
||