CVE-2014-6040
glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
Severity Score
Exploit Likelihood
Affected Versions
29Public Exploits
2Exploited in Wild
-Decision
Descriptions
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
GNU C Library (también conocido como glibc) anterior a 2.20 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango y caída) a través de un valor de caracteres de multibytes de '0xffff' en la función iconv cuando convierte datos codificados de (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, o (5) IBM1364 a UTF-8.
An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.
The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-09-01 CVE Reserved
- 2014-09-08 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-04-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://linux.oracle.com/errata/ELSA-2015-0016.html | X_refsource_confirm | |
| http://secunia.com/advisories/62100 | Third Party Advisory | |
| http://secunia.com/advisories/62146 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2014/08/29/3 | Mailing List |
|
| http://www.securityfocus.com/bid/69472 | Vdb Entry | |
| https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%... | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/09/02/1 | 2024-08-06 | |
| https://sourceware.org/bugzilla/show_bug.cgi?id=17325 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://ubuntu.com/usn/usn-2432-1 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3142 | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-201... | 2023-02-13 | |
| https://security.gentoo.org/glsa/201602-02 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2014-6040 | 2015-03-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1135841 | 2015-03-05 |