Your submission was sent successfully! Close

CVE-2016-10228

Published: 2 March 2017

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Priority

Negligible

CVSS 3 base score: 5.9

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Ignored
(end of ESM support, was needed)
trusty Needed

upstream Needed

xenial Does not exist

yakkety Does not exist

zesty Does not exist

glibc
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic
Released (2.27-3ubuntu1.5)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal
Released (2.31-0ubuntu9.7)
groovy Ignored
(reached end-of-life)
hirsute Not vulnerable
(2.33-0ubuntu5)
impish Not vulnerable
(2.34-0ubuntu3)
jammy Not vulnerable
(2.34-0ubuntu3)
precise Does not exist

trusty Does not exist

upstream Needed

xenial Needed

yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=91927b7c76437db860cd86a7714476b56bb39d07
upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d4ec75e111291851620c6aa2c4460647b7fd50d (regression fix)